"alerts.log"

09/29/2021-23:00:55.132380  [**] [1:2260000:1] SURICATA Applayer Mismatch protocol both directions [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.52:41802 -> 18.194.25.54:80
09/29/2021-23:00:55.247581  [**] [1:2260000:1] SURICATA Applayer Mismatch protocol both directions [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.52:41036 -> 18.198.159.62:80
09/29/2021-23:00:55.350661  [**] [1:2260000:1] SURICATA Applayer Mismatch protocol both directions [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.52:43532 -> 18.195.176.38:80
09/29/2021-23:22:57.229122  [**] [1:2221045:1] SURICATA HTTP Unexpected Request body [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.168.69.2:56334 -> 54.163.243.149:80
09/29/2021-23:23:46.688024  [**] [1:2018918:4] ET POLICY possible Xiaomi phone data leakage DNS [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.10.20.52:63476 -> 10.10.20.1:53
09/29/2021-23:28:00.262857  [**] [1:2210010:2] SURICATA STREAM 3way handshake wrong seq wrong ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:38854 -> 10.10.10.1:443
09/29/2021-23:29:00.272541  [**] [1:2260001:1] SURICATA Applayer Wrong direction first Data [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:39672 -> 10.10.10.1:443
09/29/2021-23:33:53.528311  [**] [1:2210027:2] SURICATA STREAM ESTABLISHED SYN resend with different seq [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:46806 -> 10.10.10.1:443
09/29/2021-23:33:53.528325  [**] [1:2210023:2] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:46806
09/29/2021-23:33:53.529883  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:46806 -> 10.10.10.1:443
09/29/2021-23:33:53.534096  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:46806 -> 10.10.10.1:443
09/29/2021-23:33:53.534109  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:46806
09/29/2021-23:33:53.537276  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:46806
09/29/2021-23:33:53.537280  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:46806
09/29/2021-23:33:53.539053  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:46806 -> 10.10.10.1:443
09/29/2021-23:33:53.539307  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:46806 -> 10.10.10.1:443
09/29/2021-23:33:53.542096  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:46806 -> 10.10.10.1:443
09/29/2021-23:33:53.542104  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:46806
09/29/2021-23:33:53.542136  [**] [1:2210030:2] SURICATA STREAM FIN invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:46806
09/29/2021-23:36:39.105083  [**] [1:2210027:2] SURICATA STREAM ESTABLISHED SYN resend with different seq [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:38852 -> 10.10.10.1:443
09/29/2021-23:36:39.105099  [**] [1:2210023:2] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:38852
09/29/2021-23:36:39.108037  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:38852 -> 10.10.10.1:443
09/29/2021-23:36:39.112347  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:38852 -> 10.10.10.1:443
09/29/2021-23:36:39.112355  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:38852
09/29/2021-23:36:39.114287  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:38852
09/29/2021-23:36:39.114289  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:38852
09/29/2021-23:36:39.121818  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:38852 -> 10.10.10.1:443
09/29/2021-23:36:39.122004  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:38852 -> 10.10.10.1:443
09/29/2021-23:36:39.122818  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:38852 -> 10.10.10.1:443
09/29/2021-23:36:39.122823  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:38852
09/29/2021-23:39:02.246305  [**] [1:2210027:2] SURICATA STREAM ESTABLISHED SYN resend with different seq [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:43758 -> 10.10.10.1:443
09/29/2021-23:39:02.246322  [**] [1:2210023:2] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:43758
09/29/2021-23:39:02.248210  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:43758 -> 10.10.10.1:443
09/29/2021-23:39:02.248799  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:43758 -> 10.10.10.1:443
09/29/2021-23:39:02.248808  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:43758
09/29/2021-23:39:02.250737  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:43758
09/29/2021-23:39:02.250740  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:43758
09/29/2021-23:39:02.252038  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:43758 -> 10.10.10.1:443
09/29/2021-23:39:02.252301  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:43758 -> 10.10.10.1:443
09/29/2021-23:39:02.253083  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:43758 -> 10.10.10.1:443
09/29/2021-23:39:02.253090  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:43758
09/29/2021-23:39:02.253110  [**] [1:2210030:2] SURICATA STREAM FIN invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:43758
09/29/2021-23:40:29.790297  [**] [1:2210027:2] SURICATA STREAM ESTABLISHED SYN resend with different seq [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:46806 -> 10.10.10.1:443
09/29/2021-23:40:29.790309  [**] [1:2210023:2] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:46806
09/29/2021-23:40:29.791872  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:46806 -> 10.10.10.1:443
09/29/2021-23:40:29.793229  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:46806 -> 10.10.10.1:443
09/29/2021-23:40:29.793234  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:46806
09/29/2021-23:40:29.795040  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:46806
09/29/2021-23:40:29.795042  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:46806
09/29/2021-23:40:29.797504  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:46806 -> 10.10.10.1:443
09/29/2021-23:40:29.797788  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:46806 -> 10.10.10.1:443
09/29/2021-23:40:29.801850  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:46806 -> 10.10.10.1:443
09/29/2021-23:40:29.801855  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:46806
09/29/2021-23:40:29.801867  [**] [1:2210030:2] SURICATA STREAM FIN invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:46806
09/29/2021-23:43:04.365785  [**] [1:2210027:2] SURICATA STREAM ESTABLISHED SYN resend with different seq [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:38852 -> 10.10.10.1:443
09/29/2021-23:43:04.365799  [**] [1:2210023:2] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:38852
09/29/2021-23:43:04.368740  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:38852 -> 10.10.10.1:443
09/29/2021-23:43:04.370127  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:38852 -> 10.10.10.1:443
09/29/2021-23:43:04.370136  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:38852
09/29/2021-23:43:04.372206  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:38852
09/29/2021-23:43:04.372209  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:38852
09/29/2021-23:43:04.374312  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:38852 -> 10.10.10.1:443
09/29/2021-23:43:04.374575  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:38852 -> 10.10.10.1:443
09/29/2021-23:43:04.377649  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:38852 -> 10.10.10.1:443
09/29/2021-23:43:04.377657  [**] [1:2210029:2] SURICATA STREAM ESTABLISHED invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:38852
09/29/2021-23:43:04.377687  [**] [1:2210030:2] SURICATA STREAM FIN invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.51:38852
09/30/2021-01:06:45.820222  [**] [1:2018959:4] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 2.18.240.169:80 -> 10.10.20.22:59358
09/30/2021-01:18:15.277177  [**] [1:2221045:1] SURICATA HTTP Unexpected Request body [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.168.69.2:50688 -> 54.82.52.212:80
09/30/2021-01:45:28.571925  [**] [1:2403314:69147] ET CINS Active Threat Intelligence Poor Reputation IP group 15 [**] [Classification: Misc Attack] [Priority: 2] {UDP} 24.61.212.249:49001 -> 10.10.20.198:6881
09/30/2021-02:23:58.844212  [**] [1:2221050:1] SURICATA HTTP too many warnings [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.22:59358 -> 2.18.240.169:80
09/30/2021-02:24:07.918587  [**] [1:2221050:1] SURICATA HTTP too many warnings [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 2.18.240.169:80 -> 10.10.20.22:59358
09/30/2021-03:18:42.459630  [**] [1:2210023:2] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 191.96.237.133:40052 -> 10.10.20.198:41661
09/30/2021-04:11:07.466850  [**] [1:2221045:1] SURICATA HTTP Unexpected Request body [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.168.69.2:52688 -> 3.227.77.98:80
09/30/2021-05:08:45.251875  [**] [1:2221045:1] SURICATA HTTP Unexpected Request body [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.168.69.2:52610 -> 34.194.6.91:80
09/30/2021-05:11:16.409550  [**] [1:2027390:4] ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 10.10.20.22:59584 -> 23.194.176.88:80
09/30/2021-05:11:16.858325  [**] [1:2027390:4] ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 10.10.20.22:59585 -> 20.86.173.234:80
09/30/2021-05:45:43.200495  [**] [1:2210023:2] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 191.96.237.133:40052 -> 10.10.20.198:33279
09/30/2021-06:14:02.110252  [**] [1:2403364:69147] ET CINS Active Threat Intelligence Poor Reputation IP group 65 [**] [Classification: Misc Attack] [Priority: 2] {UDP} 54.39.16.25:36039 -> 10.10.20.198:6881
09/30/2021-06:16:31.563001  [**] [1:2403305:69147] ET CINS Active Threat Intelligence Poor Reputation IP group 6 [**] [Classification: Misc Attack] [Priority: 2] {UDP} 5.196.89.53:33021 -> 10.10.20.198:6881
09/30/2021-06:19:46.875113  [**] [1:2018918:4] ET POLICY possible Xiaomi phone data leakage DNS [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.10.20.52:4178 -> 10.10.20.1:53
09/30/2021-08:25:18.292894  [**] [1:2260000:1] SURICATA Applayer Mismatch protocol both directions [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:48288 -> 18.195.176.38:80
09/30/2021-08:25:18.431639  [**] [1:2260000:1] SURICATA Applayer Mismatch protocol both directions [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:49778 -> 18.185.187.16:80
09/30/2021-08:25:18.498170  [**] [1:2260000:1] SURICATA Applayer Mismatch protocol both directions [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:48576 -> 54.93.71.63:80
09/30/2021-08:25:18.574067  [**] [1:2260000:1] SURICATA Applayer Mismatch protocol both directions [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:48468 -> 3.68.156.194:80
09/30/2021-08:25:18.645630  [**] [1:2260000:1] SURICATA Applayer Mismatch protocol both directions [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:43148 -> 52.28.189.65:80
09/30/2021-08:25:18.714519  [**] [1:2260000:1] SURICATA Applayer Mismatch protocol both directions [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:37974 -> 18.197.35.155:80
09/30/2021-08:25:19.863131  [**] [1:2018918:4] ET POLICY possible Xiaomi phone data leakage DNS [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.10.20.51:32045 -> 10.10.20.1:53
09/30/2021-08:31:58.786210  [**] [1:2200075:2] SURICATA UDPv4 invalid checksum [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {UDP} 106.198.161.163:30631 -> 10.10.20.198:6881
09/30/2021-08:58:58.422010  [**] [1:2403322:69147] ET CINS Active Threat Intelligence Poor Reputation IP group 23 [**] [Classification: Misc Attack] [Priority: 2] {UDP} 35.230.102.185:29557 -> 10.10.20.198:6881
09/30/2021-08:59:22.170741  [**] [1:2221045:1] SURICATA HTTP Unexpected Request body [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.168.69.2:52538 -> 34.198.172.142:80
09/30/2021-09:39:16.154487  [wDrop] [**] [1:2027761:4] ET POLICY SSL/TLS Certificate Observed (AnyDesk Remote Desktop Software) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 138.199.36.117:80 -> 10.10.20.21:50268
09/30/2021-09:50:00.681755  [**] [1:2260001:1] SURICATA Applayer Wrong direction first Data [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.23:53377 -> 10.10.10.1:443
09/30/2021-09:52:15.166936  [**] [1:2027390:4] ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 10.10.20.222:61214 -> 23.194.176.88:80
09/30/2021-09:52:15.712403  [**] [1:2027390:4] ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 10.10.20.222:61218 -> 52.188.50.245:80
09/30/2021-09:56:55.397228  [**] [1:2221045:1] SURICATA HTTP Unexpected Request body [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.168.69.2:44442 -> 35.173.167.207:80
09/30/2021-10:06:35.287441  [**] [1:2027390:4] ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 10.10.20.222:60271 -> 23.194.176.88:80
09/30/2021-10:06:35.696406  [**] [1:2027390:4] ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 10.10.20.222:60272 -> 52.188.50.245:80
09/30/2021-10:06:35.834654  [**] [1:2027390:4] ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 10.10.20.222:60273 -> 23.194.176.88:80
09/30/2021-10:06:36.044929  [**] [1:2027390:4] ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 10.10.20.222:60272 -> 52.188.50.245:80
09/30/2021-10:52:46.688389  [wDrop] [**] [1:2027390:4] ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 10.10.20.25:52519 -> 23.194.176.88:80
09/30/2021-11:30:41.891971  [**] [1:2210027:2] SURICATA STREAM ESTABLISHED SYN resend with different seq [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.23:58561 -> 10.10.10.1:443
09/30/2021-11:30:41.891983  [**] [1:2210023:2] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.23:58561
09/30/2021-11:30:41.930569  [**] [1:2210030:2] SURICATA STREAM FIN invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.10.1:443 -> 10.10.20.23:58561
09/30/2021-11:34:00.356936  [**] [1:2221045:1] SURICATA HTTP Unexpected Request body [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.168.69.2:35344 -> 34.234.37.191:80