--- /dev/null
+requires:
+ version: 5
+
+args:
+- -k none
+
+checks:
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 0
+ flow.bytes_toserver: 170
+ flow.pkts_toclient: 0
+ flow.pkts_toserver: 1
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.hhash: 38a4e9f6
+ nfs.id: 1
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 11
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961884
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 0
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 0
+ flow.bytes_toserver: 170
+ flow.pkts_toclient: 0
+ flow.pkts_toserver: 1
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.hhash: 38a4e9f6
+ nfs.id: 1
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 11
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961884
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 0
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 10
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 0
+ flow.bytes_toserver: 170
+ flow.pkts_toclient: 0
+ flow.pkts_toserver: 1
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.hhash: 38a4e9f6
+ nfs.id: 1
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 11
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961884
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 0
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 154
+ flow.bytes_toserver: 340
+ flow.pkts_toclient: 1
+ flow.pkts_toserver: 2
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 2
+ nfs.procedure: FSINFO
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 13
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961885
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 1
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 154
+ flow.bytes_toserver: 340
+ flow.pkts_toclient: 1
+ flow.pkts_toserver: 2
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 2
+ nfs.procedure: FSINFO
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 13
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961885
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 1
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 154
+ flow.bytes_toserver: 340
+ flow.pkts_toclient: 1
+ flow.pkts_toserver: 2
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 2
+ nfs.procedure: FSINFO
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 13
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961885
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 1
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 2
+ nfs.procedure: FSINFO
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 14
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961885
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 360
+ flow.bytes_toserver: 510
+ flow.pkts_toclient: 2
+ flow.pkts_toserver: 3
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 3
+ nfs.procedure: FSSTAT
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 15
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961886
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 2
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 360
+ flow.bytes_toserver: 510
+ flow.pkts_toclient: 2
+ flow.pkts_toserver: 3
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 3
+ nfs.procedure: FSSTAT
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 15
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961886
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 2
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 360
+ flow.bytes_toserver: 510
+ flow.pkts_toclient: 2
+ flow.pkts_toserver: 3
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 3
+ nfs.procedure: FSSTAT
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 15
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961886
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 2
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 3
+ nfs.procedure: FSSTAT
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 16
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961886
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 570
+ flow.bytes_toserver: 680
+ flow.pkts_toclient: 3
+ flow.pkts_toserver: 4
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 4
+ nfs.procedure: PATHCONF
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 17
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961887
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 3
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 570
+ flow.bytes_toserver: 680
+ flow.pkts_toclient: 3
+ flow.pkts_toserver: 4
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 4
+ nfs.procedure: PATHCONF
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 17
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961887
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 3
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 570
+ flow.bytes_toserver: 680
+ flow.pkts_toclient: 3
+ flow.pkts_toserver: 4
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 4
+ nfs.procedure: PATHCONF
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 17
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961887
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 3
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 4
+ nfs.procedure: PATHCONF
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 18
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961887
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 752
+ flow.bytes_toserver: 858
+ flow.pkts_toclient: 4
+ flow.pkts_toserver: 5
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.id: 5
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 19
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961888
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 4
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 752
+ flow.bytes_toserver: 858
+ flow.pkts_toclient: 4
+ flow.pkts_toserver: 5
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.id: 5
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 19
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961888
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 4
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 752
+ flow.bytes_toserver: 858
+ flow.pkts_toclient: 4
+ flow.pkts_toserver: 5
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.id: 5
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 19
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961888
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 4
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 752
+ flow.bytes_toserver: 858
+ flow.pkts_toclient: 4
+ flow.pkts_toserver: 5
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.id: 5
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 19
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961888
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 4
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.id: 5
+ nfs.procedure: LOOKUP
+ nfs.status: ERR_NOENT
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 20
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961888
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 826
+ flow.bytes_toserver: 1036
+ flow.pkts_toclient: 5
+ flow.pkts_toserver: 6
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.id: 6
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 21
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961889
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 5
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 826
+ flow.bytes_toserver: 1036
+ flow.pkts_toclient: 5
+ flow.pkts_toserver: 6
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.id: 6
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 21
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961889
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 5
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 826
+ flow.bytes_toserver: 1036
+ flow.pkts_toclient: 5
+ flow.pkts_toserver: 6
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.id: 6
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 21
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961889
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 5
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 826
+ flow.bytes_toserver: 1036
+ flow.pkts_toclient: 5
+ flow.pkts_toserver: 6
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.id: 6
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 21
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961889
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 5
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.id: 6
+ nfs.procedure: LOOKUP
+ nfs.status: ERR_NOENT
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 22
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961889
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 900
+ flow.bytes_toserver: 1262
+ flow.pkts_toclient: 6
+ flow.pkts_toserver: 7
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.hhash: 38a4e9f6
+ nfs.id: 7
+ nfs.procedure: CREATE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 23
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961890
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 6
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 900
+ flow.bytes_toserver: 1262
+ flow.pkts_toclient: 6
+ flow.pkts_toserver: 7
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.hhash: 38a4e9f6
+ nfs.id: 7
+ nfs.procedure: CREATE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 23
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961890
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 6
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 900
+ flow.bytes_toserver: 1262
+ flow.pkts_toclient: 6
+ flow.pkts_toserver: 7
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.hhash: 38a4e9f6
+ nfs.id: 7
+ nfs.procedure: CREATE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 23
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961890
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 6
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.hhash: 38a4e9f6
+ nfs.id: 7
+ nfs.procedure: CREATE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 24
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961890
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1214
+ flow.bytes_toserver: 1432
+ flow.pkts_toclient: 7
+ flow.pkts_toserver: 8
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.hhash: 131299c5
+ nfs.id: 8
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 25
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961891
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 7
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1214
+ flow.bytes_toserver: 1432
+ flow.pkts_toclient: 7
+ flow.pkts_toserver: 8
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.hhash: 131299c5
+ nfs.id: 8
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 25
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961891
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 7
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 10
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1214
+ flow.bytes_toserver: 1432
+ flow.pkts_toclient: 7
+ flow.pkts_toserver: 8
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.hhash: 131299c5
+ nfs.id: 8
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 25
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961891
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 7
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1368
+ flow.bytes_toserver: 1638
+ flow.pkts_toclient: 8
+ flow.pkts_toserver: 9
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 9
+ nfs.procedure: SETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 27
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961892
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 8
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1368
+ flow.bytes_toserver: 1638
+ flow.pkts_toclient: 8
+ flow.pkts_toserver: 9
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 9
+ nfs.procedure: SETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 27
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961892
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 8
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 10
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1368
+ flow.bytes_toserver: 1638
+ flow.pkts_toclient: 8
+ flow.pkts_toserver: 9
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 9
+ nfs.procedure: SETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 27
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961892
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 8
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1368
+ flow.bytes_toserver: 1638
+ flow.pkts_toclient: 8
+ flow.pkts_toserver: 9
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 9
+ nfs.procedure: SETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 27
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961892
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 8
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 9
+ nfs.procedure: SETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 28
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961892
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1554
+ flow.bytes_toserver: 1816
+ flow.pkts_toclient: 9
+ flow.pkts_toserver: 10
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 10
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 29
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961893
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 9
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1554
+ flow.bytes_toserver: 1816
+ flow.pkts_toclient: 9
+ flow.pkts_toserver: 10
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 10
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 29
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961893
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 9
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1554
+ flow.bytes_toserver: 1816
+ flow.pkts_toclient: 9
+ flow.pkts_toserver: 10
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 10
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 29
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961893
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 9
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1554
+ flow.bytes_toserver: 1816
+ flow.pkts_toclient: 9
+ flow.pkts_toserver: 10
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 10
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 29
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961893
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 9
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 10
+ nfs.procedure: LOOKUP
+ nfs.status: ERR_NOENT
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 30
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961893
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1628
+ flow.bytes_toserver: 1994
+ flow.pkts_toclient: 10
+ flow.pkts_toserver: 11
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 11
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 31
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961894
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 10
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1628
+ flow.bytes_toserver: 1994
+ flow.pkts_toclient: 10
+ flow.pkts_toserver: 11
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 11
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 31
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961894
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 10
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1628
+ flow.bytes_toserver: 1994
+ flow.pkts_toclient: 10
+ flow.pkts_toserver: 11
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 11
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 31
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961894
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 10
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1628
+ flow.bytes_toserver: 1994
+ flow.pkts_toclient: 10
+ flow.pkts_toserver: 11
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 11
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 31
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961894
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 10
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 11
+ nfs.procedure: LOOKUP
+ nfs.status: ERR_NOENT
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 32
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961894
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1702
+ flow.bytes_toserver: 2172
+ flow.pkts_toclient: 11
+ flow.pkts_toserver: 12
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.id: 12
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 33
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961895
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 11
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1702
+ flow.bytes_toserver: 2172
+ flow.pkts_toclient: 11
+ flow.pkts_toserver: 12
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.id: 12
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 33
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961895
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 11
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1702
+ flow.bytes_toserver: 2172
+ flow.pkts_toclient: 11
+ flow.pkts_toserver: 12
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.id: 12
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 33
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961895
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 11
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1702
+ flow.bytes_toserver: 2172
+ flow.pkts_toclient: 11
+ flow.pkts_toserver: 12
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.id: 12
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 33
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961895
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 11
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.hhash: 131299c5
+ nfs.id: 12
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 34
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961895
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1984
+ flow.bytes_toserver: 2350
+ flow.pkts_toclient: 12
+ flow.pkts_toserver: 13
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 13
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 35
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961896
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 12
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1984
+ flow.bytes_toserver: 2350
+ flow.pkts_toclient: 12
+ flow.pkts_toserver: 13
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 13
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 35
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961896
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 12
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1984
+ flow.bytes_toserver: 2350
+ flow.pkts_toclient: 12
+ flow.pkts_toserver: 13
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 13
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 35
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961896
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 12
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 1984
+ flow.bytes_toserver: 2350
+ flow.pkts_toclient: 12
+ flow.pkts_toserver: 13
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 13
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 35
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961896
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 12
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 13
+ nfs.procedure: LOOKUP
+ nfs.status: ERR_NOENT
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 36
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961896
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 2058
+ flow.bytes_toserver: 2572
+ flow.pkts_toclient: 13
+ flow.pkts_toserver: 14
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.hhash: 38a4e9f6
+ nfs.id: 14
+ nfs.procedure: RENAME
+ nfs.rename.from: a
+ nfs.rename.to: am
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 37
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961897
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 13
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 2058
+ flow.bytes_toserver: 2572
+ flow.pkts_toclient: 13
+ flow.pkts_toserver: 14
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.hhash: 38a4e9f6
+ nfs.id: 14
+ nfs.procedure: RENAME
+ nfs.rename.from: a
+ nfs.rename.to: am
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 37
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961897
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 13
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 2058
+ flow.bytes_toserver: 2572
+ flow.pkts_toclient: 13
+ flow.pkts_toserver: 14
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.hhash: 38a4e9f6
+ nfs.id: 14
+ nfs.procedure: RENAME
+ nfs.rename.from: a
+ nfs.rename.to: am
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 37
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961897
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 13
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: a
+ nfs.hhash: 38a4e9f6
+ nfs.id: 14
+ nfs.procedure: RENAME
+ nfs.rename.from: a
+ nfs.rename.to: am
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 38
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961897
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 2360
+ flow.bytes_toserver: 2750
+ flow.pkts_toclient: 14
+ flow.pkts_toserver: 15
+ nfs.file_tx: false
+ nfs.filename: b
+ nfs.id: 15
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 39
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961898
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 14
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 2360
+ flow.bytes_toserver: 2750
+ flow.pkts_toclient: 14
+ flow.pkts_toserver: 15
+ nfs.file_tx: false
+ nfs.filename: b
+ nfs.id: 15
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 39
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961898
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 14
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 2360
+ flow.bytes_toserver: 2750
+ flow.pkts_toclient: 14
+ flow.pkts_toserver: 15
+ nfs.file_tx: false
+ nfs.filename: b
+ nfs.id: 15
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 39
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961898
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 14
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 2360
+ flow.bytes_toserver: 2750
+ flow.pkts_toclient: 14
+ flow.pkts_toserver: 15
+ nfs.file_tx: false
+ nfs.filename: b
+ nfs.id: 15
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 39
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961898
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 14
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: b
+ nfs.hhash: a5fcf973
+ nfs.id: 15
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 40
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961898
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 2642
+ flow.bytes_toserver: 2928
+ flow.pkts_toclient: 15
+ flow.pkts_toserver: 16
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 16
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 41
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 1869440256
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961899
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 15
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 2642
+ flow.bytes_toserver: 2928
+ flow.pkts_toclient: 15
+ flow.pkts_toserver: 16
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 16
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 41
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 1869440256
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961899
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 15
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 2642
+ flow.bytes_toserver: 2928
+ flow.pkts_toclient: 15
+ flow.pkts_toserver: 16
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 16
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 41
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 1869440256
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961899
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 15
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 2642
+ flow.bytes_toserver: 2928
+ flow.pkts_toclient: 15
+ flow.pkts_toserver: 16
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 16
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 41
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 1869440256
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961899
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 15
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 16
+ nfs.procedure: LOOKUP
+ nfs.status: ERR_NOENT
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 42
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 1869440256
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961899
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 2716
+ flow.bytes_toserver: 3106
+ flow.pkts_toclient: 16
+ flow.pkts_toserver: 17
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 17
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 43
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961900
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 16
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 2716
+ flow.bytes_toserver: 3106
+ flow.pkts_toclient: 16
+ flow.pkts_toserver: 17
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 17
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 43
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961900
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 16
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 2716
+ flow.bytes_toserver: 3106
+ flow.pkts_toclient: 16
+ flow.pkts_toserver: 17
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 17
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 43
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961900
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 16
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 2716
+ flow.bytes_toserver: 3106
+ flow.pkts_toclient: 16
+ flow.pkts_toserver: 17
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 17
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 43
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961900
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 16
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 17
+ nfs.procedure: LOOKUP
+ nfs.status: ERR_NOENT
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 44
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961900
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 2790
+ flow.bytes_toserver: 3320
+ flow.pkts_toclient: 17
+ flow.pkts_toserver: 18
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 18
+ nfs.procedure: LINK
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 45
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 1869440256
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961901
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 17
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 2790
+ flow.bytes_toserver: 3320
+ flow.pkts_toclient: 17
+ flow.pkts_toserver: 18
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 18
+ nfs.procedure: LINK
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 45
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 1869440256
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961901
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 17
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 2790
+ flow.bytes_toserver: 3320
+ flow.pkts_toclient: 17
+ flow.pkts_toserver: 18
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 18
+ nfs.procedure: LINK
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 45
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 1869440256
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961901
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 17
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 18
+ nfs.procedure: LINK
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 46
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 1869440256
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961901
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3064
+ flow.bytes_toserver: 3498
+ flow.pkts_toclient: 18
+ flow.pkts_toserver: 19
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.id: 19
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 47
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961902
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 18
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3064
+ flow.bytes_toserver: 3498
+ flow.pkts_toclient: 18
+ flow.pkts_toserver: 19
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.id: 19
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 47
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961902
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 18
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3064
+ flow.bytes_toserver: 3498
+ flow.pkts_toclient: 18
+ flow.pkts_toserver: 19
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.id: 19
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 47
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961902
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 18
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3064
+ flow.bytes_toserver: 3498
+ flow.pkts_toclient: 18
+ flow.pkts_toserver: 19
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.id: 19
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 47
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961902
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 18
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.id: 19
+ nfs.procedure: LOOKUP
+ nfs.status: ERR_NOENT
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 48
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961902
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3138
+ flow.bytes_toserver: 3676
+ flow.pkts_toclient: 19
+ flow.pkts_toserver: 20
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.id: 20
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 49
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961903
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 19
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3138
+ flow.bytes_toserver: 3676
+ flow.pkts_toclient: 19
+ flow.pkts_toserver: 20
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.id: 20
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 49
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961903
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 19
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3138
+ flow.bytes_toserver: 3676
+ flow.pkts_toclient: 19
+ flow.pkts_toserver: 20
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.id: 20
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 49
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961903
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 19
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3138
+ flow.bytes_toserver: 3676
+ flow.pkts_toclient: 19
+ flow.pkts_toserver: 20
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.id: 20
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 49
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961903
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 19
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.id: 20
+ nfs.procedure: LOOKUP
+ nfs.status: ERR_NOENT
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 50
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961903
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3212
+ flow.bytes_toserver: 3898
+ flow.pkts_toclient: 20
+ flow.pkts_toserver: 21
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 21
+ nfs.procedure: SYMLINK
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 51
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961904
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 20
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3212
+ flow.bytes_toserver: 3898
+ flow.pkts_toclient: 20
+ flow.pkts_toserver: 21
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 21
+ nfs.procedure: SYMLINK
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 51
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961904
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 20
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3212
+ flow.bytes_toserver: 3898
+ flow.pkts_toclient: 20
+ flow.pkts_toserver: 21
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 21
+ nfs.procedure: SYMLINK
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 51
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961904
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 20
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 21
+ nfs.procedure: SYMLINK
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 52
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961904
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3502
+ flow.bytes_toserver: 4076
+ flow.pkts_toclient: 21
+ flow.pkts_toserver: 22
+ nfs.file_tx: false
+ nfs.filename: .
+ nfs.id: 22
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 53
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961905
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 21
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3502
+ flow.bytes_toserver: 4076
+ flow.pkts_toclient: 21
+ flow.pkts_toserver: 22
+ nfs.file_tx: false
+ nfs.filename: .
+ nfs.id: 22
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 53
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961905
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 21
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3502
+ flow.bytes_toserver: 4076
+ flow.pkts_toclient: 21
+ flow.pkts_toserver: 22
+ nfs.file_tx: false
+ nfs.filename: .
+ nfs.id: 22
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 53
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961905
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 21
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3502
+ flow.bytes_toserver: 4076
+ flow.pkts_toclient: 21
+ flow.pkts_toserver: 22
+ nfs.file_tx: false
+ nfs.filename: .
+ nfs.id: 22
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 53
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961905
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 21
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: .
+ nfs.hhash: 38a4e9f6
+ nfs.id: 22
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 54
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961905
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3784
+ flow.bytes_toserver: 4250
+ flow.pkts_toclient: 22
+ flow.pkts_toserver: 23
+ nfs.file_tx: false
+ nfs.filename: .
+ nfs.hhash: 38a4e9f6
+ nfs.id: 23
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 55
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961906
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 22
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3784
+ flow.bytes_toserver: 4250
+ flow.pkts_toclient: 22
+ flow.pkts_toserver: 23
+ nfs.file_tx: false
+ nfs.filename: .
+ nfs.hhash: 38a4e9f6
+ nfs.id: 23
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 55
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961906
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 22
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3784
+ flow.bytes_toserver: 4250
+ flow.pkts_toclient: 22
+ flow.pkts_toserver: 23
+ nfs.file_tx: false
+ nfs.filename: .
+ nfs.hhash: 38a4e9f6
+ nfs.id: 23
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 55
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961906
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 22
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3784
+ flow.bytes_toserver: 4250
+ flow.pkts_toclient: 22
+ flow.pkts_toserver: 23
+ nfs.file_tx: false
+ nfs.filename: .
+ nfs.hhash: 38a4e9f6
+ nfs.id: 23
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 55
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961906
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 22
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: .
+ nfs.hhash: 38a4e9f6
+ nfs.id: 23
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 56
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961906
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3946
+ flow.bytes_toserver: 4420
+ flow.pkts_toclient: 23
+ flow.pkts_toserver: 24
+ nfs.file_tx: false
+ nfs.filename: .
+ nfs.hhash: 38a4e9f6
+ nfs.id: 24
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 57
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961907
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 23
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3946
+ flow.bytes_toserver: 4420
+ flow.pkts_toclient: 23
+ flow.pkts_toserver: 24
+ nfs.file_tx: false
+ nfs.filename: .
+ nfs.hhash: 38a4e9f6
+ nfs.id: 24
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 57
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961907
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 23
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 10
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 3946
+ flow.bytes_toserver: 4420
+ flow.pkts_toclient: 23
+ flow.pkts_toserver: 24
+ nfs.file_tx: false
+ nfs.filename: .
+ nfs.hhash: 38a4e9f6
+ nfs.id: 24
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 57
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961907
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 23
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 4100
+ flow.bytes_toserver: 4610
+ flow.pkts_toclient: 24
+ flow.pkts_toserver: 25
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 25
+ nfs.procedure: READDIR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 59
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961908
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 24
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 4100
+ flow.bytes_toserver: 4610
+ flow.pkts_toclient: 24
+ flow.pkts_toserver: 25
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 25
+ nfs.procedure: READDIR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 59
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961908
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 24
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 4100
+ flow.bytes_toserver: 4610
+ flow.pkts_toclient: 24
+ flow.pkts_toserver: 25
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 25
+ nfs.procedure: READDIR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 59
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961908
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 24
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 25
+ nfs.procedure: READDIR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 60
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961908
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 4442
+ flow.bytes_toserver: 4788
+ flow.pkts_toclient: 25
+ flow.pkts_toserver: 26
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 26
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 61
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961909
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 25
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 4442
+ flow.bytes_toserver: 4788
+ flow.pkts_toclient: 25
+ flow.pkts_toserver: 26
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 26
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 61
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961909
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 25
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 4442
+ flow.bytes_toserver: 4788
+ flow.pkts_toclient: 25
+ flow.pkts_toserver: 26
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 26
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 61
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961909
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 25
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 4442
+ flow.bytes_toserver: 4788
+ flow.pkts_toclient: 25
+ flow.pkts_toserver: 26
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 26
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 61
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961909
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 25
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.hhash: 131299c5
+ nfs.id: 26
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 62
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961909
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 4724
+ flow.bytes_toserver: 4966
+ flow.pkts_toclient: 26
+ flow.pkts_toserver: 27
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 27
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 63
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961910
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 26
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 4724
+ flow.bytes_toserver: 4966
+ flow.pkts_toclient: 26
+ flow.pkts_toserver: 27
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 27
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 63
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961910
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 26
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 4724
+ flow.bytes_toserver: 4966
+ flow.pkts_toclient: 26
+ flow.pkts_toserver: 27
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 27
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 63
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961910
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 26
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 4724
+ flow.bytes_toserver: 4966
+ flow.pkts_toclient: 26
+ flow.pkts_toserver: 27
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 27
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 63
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961910
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 26
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.hhash: a5fcf973
+ nfs.id: 27
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 64
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961910
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5006
+ flow.bytes_toserver: 5136
+ flow.pkts_toclient: 27
+ flow.pkts_toserver: 28
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 28
+ nfs.procedure: READLINK
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 65
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961911
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 27
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5006
+ flow.bytes_toserver: 5136
+ flow.pkts_toclient: 27
+ flow.pkts_toserver: 28
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 28
+ nfs.procedure: READLINK
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 65
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961911
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 27
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5006
+ flow.bytes_toserver: 5136
+ flow.pkts_toclient: 27
+ flow.pkts_toserver: 28
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 28
+ nfs.procedure: READLINK
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 65
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961911
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 27
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 28
+ nfs.procedure: READLINK
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 66
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961911
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5172
+ flow.bytes_toserver: 5314
+ flow.pkts_toclient: 28
+ flow.pkts_toserver: 29
+ nfs.file_tx: false
+ nfs.filename: d
+ nfs.id: 29
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 67
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961912
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 28
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5172
+ flow.bytes_toserver: 5314
+ flow.pkts_toclient: 28
+ flow.pkts_toserver: 29
+ nfs.file_tx: false
+ nfs.filename: d
+ nfs.id: 29
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 67
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961912
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 28
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5172
+ flow.bytes_toserver: 5314
+ flow.pkts_toclient: 28
+ flow.pkts_toserver: 29
+ nfs.file_tx: false
+ nfs.filename: d
+ nfs.id: 29
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 67
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961912
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 28
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5172
+ flow.bytes_toserver: 5314
+ flow.pkts_toclient: 28
+ flow.pkts_toserver: 29
+ nfs.file_tx: false
+ nfs.filename: d
+ nfs.id: 29
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 67
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961912
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 28
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: d
+ nfs.id: 29
+ nfs.procedure: LOOKUP
+ nfs.status: ERR_NOENT
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 68
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961912
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5246
+ flow.bytes_toserver: 5528
+ flow.pkts_toclient: 29
+ flow.pkts_toserver: 30
+ nfs.file_tx: false
+ nfs.filename: d
+ nfs.hhash: 38a4e9f6
+ nfs.id: 30
+ nfs.procedure: MKDIR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 69
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961913
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 29
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5246
+ flow.bytes_toserver: 5528
+ flow.pkts_toclient: 29
+ flow.pkts_toserver: 30
+ nfs.file_tx: false
+ nfs.filename: d
+ nfs.hhash: 38a4e9f6
+ nfs.id: 30
+ nfs.procedure: MKDIR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 69
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961913
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 29
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5246
+ flow.bytes_toserver: 5528
+ flow.pkts_toclient: 29
+ flow.pkts_toserver: 30
+ nfs.file_tx: false
+ nfs.filename: d
+ nfs.hhash: 38a4e9f6
+ nfs.id: 30
+ nfs.procedure: MKDIR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 69
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961913
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 29
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: d
+ nfs.hhash: 38a4e9f6
+ nfs.id: 30
+ nfs.procedure: MKDIR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 70
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961913
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5560
+ flow.bytes_toserver: 5706
+ flow.pkts_toclient: 30
+ flow.pkts_toserver: 31
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.id: 31
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 71
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961914
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 30
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5560
+ flow.bytes_toserver: 5706
+ flow.pkts_toclient: 30
+ flow.pkts_toserver: 31
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.id: 31
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 71
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961914
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 30
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5560
+ flow.bytes_toserver: 5706
+ flow.pkts_toclient: 30
+ flow.pkts_toserver: 31
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.id: 31
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 71
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961914
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 30
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5560
+ flow.bytes_toserver: 5706
+ flow.pkts_toclient: 30
+ flow.pkts_toserver: 31
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.id: 31
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 71
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961914
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 30
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.id: 31
+ nfs.procedure: LOOKUP
+ nfs.status: ERR_NOENT
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 72
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961914
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5634
+ flow.bytes_toserver: 5932
+ flow.pkts_toclient: 31
+ flow.pkts_toserver: 32
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: e87927b5
+ nfs.id: 32
+ nfs.procedure: CREATE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 73
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961915
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 31
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5634
+ flow.bytes_toserver: 5932
+ flow.pkts_toclient: 31
+ flow.pkts_toserver: 32
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: e87927b5
+ nfs.id: 32
+ nfs.procedure: CREATE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 73
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961915
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 31
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5634
+ flow.bytes_toserver: 5932
+ flow.pkts_toclient: 31
+ flow.pkts_toserver: 32
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: e87927b5
+ nfs.id: 32
+ nfs.procedure: CREATE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 73
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961915
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 31
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: e87927b5
+ nfs.id: 32
+ nfs.procedure: CREATE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 74
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961915
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5948
+ flow.bytes_toserver: 6102
+ flow.pkts_toclient: 32
+ flow.pkts_toserver: 33
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: 3baec21a
+ nfs.id: 33
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 75
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961916
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 32
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5948
+ flow.bytes_toserver: 6102
+ flow.pkts_toclient: 32
+ flow.pkts_toserver: 33
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: 3baec21a
+ nfs.id: 33
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 75
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961916
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 32
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 10
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 5948
+ flow.bytes_toserver: 6102
+ flow.pkts_toclient: 32
+ flow.pkts_toserver: 33
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: 3baec21a
+ nfs.id: 33
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 75
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961916
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 32
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6102
+ flow.bytes_toserver: 6300
+ flow.pkts_toclient: 33
+ flow.pkts_toserver: 34
+ nfs.file_tx: true
+ nfs.filename: h
+ nfs.hhash: 3baec21a
+ nfs.id: 34
+ nfs.procedure: WRITE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ nfs.write.chunks: 0
+ nfs.write.first: true
+ nfs.write.last: false
+ nfs.write.last_xid: 0
+ pcap_cnt: 77
+ proto: UDP
+ rpc.auth_type: 'NULL'
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961917
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 33
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6102
+ flow.bytes_toserver: 6300
+ flow.pkts_toclient: 33
+ flow.pkts_toserver: 34
+ nfs.file_tx: true
+ nfs.filename: h
+ nfs.hhash: 3baec21a
+ nfs.id: 34
+ nfs.procedure: WRITE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ nfs.write.chunks: 0
+ nfs.write.first: true
+ nfs.write.last: false
+ nfs.write.last_xid: 0
+ pcap_cnt: 77
+ proto: UDP
+ rpc.auth_type: 'NULL'
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961917
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 33
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6102
+ flow.bytes_toserver: 6300
+ flow.pkts_toclient: 33
+ flow.pkts_toserver: 34
+ nfs.file_tx: true
+ nfs.filename: h
+ nfs.hhash: 3baec21a
+ nfs.id: 34
+ nfs.procedure: WRITE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ nfs.write.chunks: 0
+ nfs.write.first: true
+ nfs.write.last: false
+ nfs.write.last_xid: 0
+ pcap_cnt: 77
+ proto: UDP
+ rpc.auth_type: 'NULL'
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961917
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 33
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6304
+ flow.bytes_toserver: 6474
+ flow.pkts_toclient: 34
+ flow.pkts_toserver: 35
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: 3baec21a
+ nfs.id: 35
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 79
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961918
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 34
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6304
+ flow.bytes_toserver: 6474
+ flow.pkts_toclient: 34
+ flow.pkts_toserver: 35
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: 3baec21a
+ nfs.id: 35
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 79
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961918
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 34
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6304
+ flow.bytes_toserver: 6474
+ flow.pkts_toclient: 34
+ flow.pkts_toserver: 35
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: 3baec21a
+ nfs.id: 35
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 79
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961918
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 34
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6304
+ flow.bytes_toserver: 6474
+ flow.pkts_toclient: 34
+ flow.pkts_toserver: 35
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: 3baec21a
+ nfs.id: 35
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 79
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961918
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 34
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: 3baec21a
+ nfs.id: 35
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 80
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961918
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6466
+ flow.bytes_toserver: 6644
+ flow.pkts_toclient: 35
+ flow.pkts_toserver: 36
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: 3baec21a
+ nfs.id: 36
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 81
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961919
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 35
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6466
+ flow.bytes_toserver: 6644
+ flow.pkts_toclient: 35
+ flow.pkts_toserver: 36
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: 3baec21a
+ nfs.id: 36
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 81
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961919
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 35
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 10
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6466
+ flow.bytes_toserver: 6644
+ flow.pkts_toclient: 35
+ flow.pkts_toserver: 36
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: 3baec21a
+ nfs.id: 36
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 81
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961919
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 35
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6620
+ flow.bytes_toserver: 6818
+ flow.pkts_toclient: 36
+ flow.pkts_toserver: 37
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.hhash: a5fcf973
+ nfs.id: 37
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 83
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961920
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 36
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6620
+ flow.bytes_toserver: 6818
+ flow.pkts_toclient: 36
+ flow.pkts_toserver: 37
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.hhash: a5fcf973
+ nfs.id: 37
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 83
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961920
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 36
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6620
+ flow.bytes_toserver: 6818
+ flow.pkts_toclient: 36
+ flow.pkts_toserver: 37
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.hhash: a5fcf973
+ nfs.id: 37
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 83
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961920
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 36
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6620
+ flow.bytes_toserver: 6818
+ flow.pkts_toclient: 36
+ flow.pkts_toserver: 37
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.hhash: a5fcf973
+ nfs.id: 37
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 83
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961920
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 36
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.hhash: a5fcf973
+ nfs.id: 37
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 84
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961920
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6782
+ flow.bytes_toserver: 6988
+ flow.pkts_toclient: 37
+ flow.pkts_toserver: 38
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.hhash: a5fcf973
+ nfs.id: 38
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 85
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961921
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 37
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6782
+ flow.bytes_toserver: 6988
+ flow.pkts_toclient: 37
+ flow.pkts_toserver: 38
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.hhash: a5fcf973
+ nfs.id: 38
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 85
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961921
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 37
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 10
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6782
+ flow.bytes_toserver: 6988
+ flow.pkts_toclient: 37
+ flow.pkts_toserver: 38
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.hhash: a5fcf973
+ nfs.id: 38
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 85
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961921
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 37
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6936
+ flow.bytes_toserver: 7170
+ flow.pkts_toclient: 38
+ flow.pkts_toserver: 39
+ nfs.file_tx: true
+ nfs.filename: bln
+ nfs.hhash: a5fcf973
+ nfs.id: 39
+ nfs.procedure: READ
+ nfs.read.chunks: 0
+ nfs.read.first: true
+ nfs.read.last: false
+ nfs.read.last_xid: 0
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 87
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961922
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 38
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6936
+ flow.bytes_toserver: 7170
+ flow.pkts_toclient: 38
+ flow.pkts_toserver: 39
+ nfs.file_tx: true
+ nfs.filename: bln
+ nfs.hhash: a5fcf973
+ nfs.id: 39
+ nfs.procedure: READ
+ nfs.read.chunks: 0
+ nfs.read.first: true
+ nfs.read.last: false
+ nfs.read.last_xid: 0
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 87
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961922
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 38
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 6936
+ flow.bytes_toserver: 7170
+ flow.pkts_toclient: 38
+ flow.pkts_toserver: 39
+ nfs.file_tx: true
+ nfs.filename: bln
+ nfs.hhash: a5fcf973
+ nfs.id: 39
+ nfs.procedure: READ
+ nfs.read.chunks: 0
+ nfs.read.first: true
+ nfs.read.last: false
+ nfs.read.last_xid: 0
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 87
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961922
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 38
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: true
+ nfs.filename: bln
+ nfs.hhash: a5fcf973
+ nfs.id: 39
+ nfs.procedure: READ
+ nfs.read.chunks: 1
+ nfs.read.first: true
+ nfs.read.last: true
+ nfs.read.last_xid: 1578961922
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 88
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961922
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ app_proto: nfs
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: fileinfo
+ fileinfo.filename: bln
+ fileinfo.gaps: false
+ fileinfo.size: 11
+ fileinfo.state: CLOSED
+ fileinfo.stored: false
+ fileinfo.tx_id: 38
+ nfs.file_tx: true
+ nfs.filename: bln
+ nfs.hhash: a5fcf973
+ nfs.id: 39
+ nfs.procedure: READ
+ nfs.read.chunks: 1
+ nfs.read.first: true
+ nfs.read.last: true
+ nfs.read.last_xid: 1578961922
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 88
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961922
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 7320
+ flow.bytes_toserver: 7554
+ flow.pkts_toclient: 40
+ flow.pkts_toserver: 41
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.hhash: e87927b5
+ nfs.id: 40
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 91
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961924
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 39
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 7320
+ flow.bytes_toserver: 7554
+ flow.pkts_toclient: 40
+ flow.pkts_toserver: 41
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.hhash: e87927b5
+ nfs.id: 40
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 91
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961924
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 39
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 7320
+ flow.bytes_toserver: 7554
+ flow.pkts_toclient: 40
+ flow.pkts_toserver: 41
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.hhash: e87927b5
+ nfs.id: 40
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 91
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961924
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 39
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 7320
+ flow.bytes_toserver: 7554
+ flow.pkts_toclient: 40
+ flow.pkts_toserver: 41
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.hhash: e87927b5
+ nfs.id: 40
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 91
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961924
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 39
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.hhash: e87927b5
+ nfs.id: 40
+ nfs.procedure: ACCESS
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 92
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961924
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 7482
+ flow.bytes_toserver: 7724
+ flow.pkts_toclient: 41
+ flow.pkts_toserver: 42
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.hhash: e87927b5
+ nfs.id: 41
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 93
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961925
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 40
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 7482
+ flow.bytes_toserver: 7724
+ flow.pkts_toclient: 41
+ flow.pkts_toserver: 42
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.hhash: e87927b5
+ nfs.id: 41
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 93
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961925
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 40
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 10
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 7482
+ flow.bytes_toserver: 7724
+ flow.pkts_toclient: 41
+ flow.pkts_toserver: 42
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.hhash: e87927b5
+ nfs.id: 41
+ nfs.procedure: GETATTR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 93
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961925
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 40
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 7636
+ flow.bytes_toserver: 7914
+ flow.pkts_toclient: 42
+ flow.pkts_toserver: 43
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 42
+ nfs.procedure: READDIR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 95
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961926
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 41
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 7636
+ flow.bytes_toserver: 7914
+ flow.pkts_toclient: 42
+ flow.pkts_toserver: 43
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 42
+ nfs.procedure: READDIR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 95
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961926
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 41
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 7636
+ flow.bytes_toserver: 7914
+ flow.pkts_toclient: 42
+ flow.pkts_toserver: 43
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 42
+ nfs.procedure: READDIR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 95
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961926
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 41
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 42
+ nfs.procedure: READDIR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 96
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961926
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 7894
+ flow.bytes_toserver: 8092
+ flow.pkts_toclient: 43
+ flow.pkts_toserver: 44
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: e87927b5
+ nfs.id: 43
+ nfs.procedure: REMOVE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 97
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961927
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 42
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 7894
+ flow.bytes_toserver: 8092
+ flow.pkts_toclient: 43
+ flow.pkts_toserver: 44
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: e87927b5
+ nfs.id: 43
+ nfs.procedure: REMOVE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 97
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961927
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 42
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 7894
+ flow.bytes_toserver: 8092
+ flow.pkts_toclient: 43
+ flow.pkts_toserver: 44
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: e87927b5
+ nfs.id: 43
+ nfs.procedure: REMOVE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 97
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961927
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 42
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: h
+ nfs.hhash: e87927b5
+ nfs.id: 43
+ nfs.procedure: REMOVE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 98
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961927
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 8080
+ flow.bytes_toserver: 8270
+ flow.pkts_toclient: 44
+ flow.pkts_toserver: 45
+ nfs.file_tx: false
+ nfs.filename: d
+ nfs.hhash: 38a4e9f6
+ nfs.id: 44
+ nfs.procedure: RMDIR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 99
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961928
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 43
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 8080
+ flow.bytes_toserver: 8270
+ flow.pkts_toclient: 44
+ flow.pkts_toserver: 45
+ nfs.file_tx: false
+ nfs.filename: d
+ nfs.hhash: 38a4e9f6
+ nfs.id: 44
+ nfs.procedure: RMDIR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 99
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961928
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 43
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 8080
+ flow.bytes_toserver: 8270
+ flow.pkts_toclient: 44
+ flow.pkts_toserver: 45
+ nfs.file_tx: false
+ nfs.filename: d
+ nfs.hhash: 38a4e9f6
+ nfs.id: 44
+ nfs.procedure: RMDIR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 99
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961928
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 43
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: d
+ nfs.hhash: 38a4e9f6
+ nfs.id: 44
+ nfs.procedure: RMDIR
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 100
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961928
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 8266
+ flow.bytes_toserver: 8448
+ flow.pkts_toclient: 45
+ flow.pkts_toserver: 46
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 45
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 101
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961929
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 44
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 8266
+ flow.bytes_toserver: 8448
+ flow.pkts_toclient: 45
+ flow.pkts_toserver: 46
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 45
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 101
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961929
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 44
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 8266
+ flow.bytes_toserver: 8448
+ flow.pkts_toclient: 45
+ flow.pkts_toserver: 46
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 45
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 101
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961929
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 44
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 8266
+ flow.bytes_toserver: 8448
+ flow.pkts_toclient: 45
+ flow.pkts_toserver: 46
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 45
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 101
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961929
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 44
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.hhash: 131299c5
+ nfs.id: 45
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 102
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961929
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 8548
+ flow.bytes_toserver: 8626
+ flow.pkts_toclient: 46
+ flow.pkts_toserver: 47
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 46
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 103
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961930
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 45
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 8548
+ flow.bytes_toserver: 8626
+ flow.pkts_toclient: 46
+ flow.pkts_toserver: 47
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 46
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 103
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961930
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 45
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 8548
+ flow.bytes_toserver: 8626
+ flow.pkts_toclient: 46
+ flow.pkts_toserver: 47
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 46
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 103
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961930
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 45
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 8548
+ flow.bytes_toserver: 8626
+ flow.pkts_toclient: 46
+ flow.pkts_toserver: 47
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 46
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 103
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961930
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 45
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.hhash: 131299c5
+ nfs.id: 46
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 104
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961930
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 8830
+ flow.bytes_toserver: 8804
+ flow.pkts_toclient: 47
+ flow.pkts_toserver: 48
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.hhash: 38a4e9f6
+ nfs.id: 47
+ nfs.procedure: REMOVE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 105
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961931
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 46
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 8830
+ flow.bytes_toserver: 8804
+ flow.pkts_toclient: 47
+ flow.pkts_toserver: 48
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.hhash: 38a4e9f6
+ nfs.id: 47
+ nfs.procedure: REMOVE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 105
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961931
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 46
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 8830
+ flow.bytes_toserver: 8804
+ flow.pkts_toclient: 47
+ flow.pkts_toserver: 48
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.hhash: 38a4e9f6
+ nfs.id: 47
+ nfs.procedure: REMOVE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 105
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961931
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 46
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.hhash: 38a4e9f6
+ nfs.id: 47
+ nfs.procedure: REMOVE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 106
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961931
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 9016
+ flow.bytes_toserver: 8982
+ flow.pkts_toclient: 48
+ flow.pkts_toserver: 49
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 48
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 107
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961932
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 47
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 9016
+ flow.bytes_toserver: 8982
+ flow.pkts_toclient: 48
+ flow.pkts_toserver: 49
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 48
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 107
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961932
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 47
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 9016
+ flow.bytes_toserver: 8982
+ flow.pkts_toclient: 48
+ flow.pkts_toserver: 49
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 48
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 107
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961932
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 47
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 9016
+ flow.bytes_toserver: 8982
+ flow.pkts_toclient: 48
+ flow.pkts_toserver: 49
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 48
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 107
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961932
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 47
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.hhash: a5fcf973
+ nfs.id: 48
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 108
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961932
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 9298
+ flow.bytes_toserver: 9160
+ flow.pkts_toclient: 49
+ flow.pkts_toserver: 50
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 49
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 109
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961933
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 48
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 9298
+ flow.bytes_toserver: 9160
+ flow.pkts_toclient: 49
+ flow.pkts_toserver: 50
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 49
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 109
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961933
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 48
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 9298
+ flow.bytes_toserver: 9160
+ flow.pkts_toclient: 49
+ flow.pkts_toserver: 50
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 49
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 109
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961933
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 48
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 9298
+ flow.bytes_toserver: 9160
+ flow.pkts_toclient: 49
+ flow.pkts_toserver: 50
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.id: 49
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 109
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961933
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 48
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.hhash: a5fcf973
+ nfs.id: 49
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 110
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961933
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 9580
+ flow.bytes_toserver: 9338
+ flow.pkts_toclient: 50
+ flow.pkts_toserver: 51
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.hhash: 38a4e9f6
+ nfs.id: 50
+ nfs.procedure: REMOVE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 111
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961934
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 49
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 9580
+ flow.bytes_toserver: 9338
+ flow.pkts_toclient: 50
+ flow.pkts_toserver: 51
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.hhash: 38a4e9f6
+ nfs.id: 50
+ nfs.procedure: REMOVE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 111
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961934
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 49
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 9580
+ flow.bytes_toserver: 9338
+ flow.pkts_toclient: 50
+ flow.pkts_toserver: 51
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.hhash: 38a4e9f6
+ nfs.id: 50
+ nfs.procedure: REMOVE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 111
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961934
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 49
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: bln
+ nfs.hhash: 38a4e9f6
+ nfs.id: 50
+ nfs.procedure: REMOVE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 112
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961934
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 9766
+ flow.bytes_toserver: 9516
+ flow.pkts_toclient: 51
+ flow.pkts_toserver: 52
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.id: 51
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 113
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961935
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 50
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 9766
+ flow.bytes_toserver: 9516
+ flow.pkts_toclient: 51
+ flow.pkts_toserver: 52
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.id: 51
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 113
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961935
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 50
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 9766
+ flow.bytes_toserver: 9516
+ flow.pkts_toclient: 51
+ flow.pkts_toserver: 52
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.id: 51
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 113
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961935
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 50
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 9766
+ flow.bytes_toserver: 9516
+ flow.pkts_toclient: 51
+ flow.pkts_toserver: 52
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.id: 51
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 113
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961935
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 50
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.hhash: 94b45286
+ nfs.id: 51
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 114
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961935
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 10048
+ flow.bytes_toserver: 9694
+ flow.pkts_toclient: 52
+ flow.pkts_toserver: 53
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.id: 52
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 115
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961936
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 51
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 10048
+ flow.bytes_toserver: 9694
+ flow.pkts_toclient: 52
+ flow.pkts_toserver: 53
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.id: 52
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 115
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961936
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 51
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 10048
+ flow.bytes_toserver: 9694
+ flow.pkts_toclient: 52
+ flow.pkts_toserver: 53
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.id: 52
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 115
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961936
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 51
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 10048
+ flow.bytes_toserver: 9694
+ flow.pkts_toclient: 52
+ flow.pkts_toserver: 53
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.id: 52
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 115
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961936
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 51
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.hhash: 94b45286
+ nfs.id: 52
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 116
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961936
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 10330
+ flow.bytes_toserver: 9864
+ flow.pkts_toclient: 53
+ flow.pkts_toserver: 54
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 53
+ nfs.procedure: READLINK
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 117
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961937
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 52
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 10330
+ flow.bytes_toserver: 9864
+ flow.pkts_toclient: 53
+ flow.pkts_toserver: 54
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 53
+ nfs.procedure: READLINK
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 117
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961937
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 52
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 10330
+ flow.bytes_toserver: 9864
+ flow.pkts_toclient: 53
+ flow.pkts_toserver: 54
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 53
+ nfs.procedure: READLINK
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 117
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961937
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 52
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: ''
+ nfs.id: 53
+ nfs.procedure: READLINK
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 118
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961937
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 10496
+ flow.bytes_toserver: 10042
+ flow.pkts_toclient: 54
+ flow.pkts_toserver: 55
+ nfs.file_tx: false
+ nfs.filename: b
+ nfs.id: 54
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 119
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961938
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 53
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 10496
+ flow.bytes_toserver: 10042
+ flow.pkts_toclient: 54
+ flow.pkts_toserver: 55
+ nfs.file_tx: false
+ nfs.filename: b
+ nfs.id: 54
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 119
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961938
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 53
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 10496
+ flow.bytes_toserver: 10042
+ flow.pkts_toclient: 54
+ flow.pkts_toserver: 55
+ nfs.file_tx: false
+ nfs.filename: b
+ nfs.id: 54
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 119
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961938
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 53
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 10496
+ flow.bytes_toserver: 10042
+ flow.pkts_toclient: 54
+ flow.pkts_toserver: 55
+ nfs.file_tx: false
+ nfs.filename: b
+ nfs.id: 54
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 119
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961938
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 53
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: b
+ nfs.hhash: a5fcf973
+ nfs.id: 54
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 120
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961938
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 10778
+ flow.bytes_toserver: 10220
+ flow.pkts_toclient: 55
+ flow.pkts_toserver: 56
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.hhash: 38a4e9f6
+ nfs.id: 55
+ nfs.procedure: REMOVE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 121
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961939
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 54
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 10778
+ flow.bytes_toserver: 10220
+ flow.pkts_toclient: 55
+ flow.pkts_toserver: 56
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.hhash: 38a4e9f6
+ nfs.id: 55
+ nfs.procedure: REMOVE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 121
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961939
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 54
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 11
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 10778
+ flow.bytes_toserver: 10220
+ flow.pkts_toclient: 55
+ flow.pkts_toserver: 56
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.hhash: 38a4e9f6
+ nfs.id: 55
+ nfs.procedure: REMOVE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 121
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961939
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 54
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: blns
+ nfs.hhash: 38a4e9f6
+ nfs.id: 55
+ nfs.procedure: REMOVE
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 122
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961939
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 3
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 10964
+ flow.bytes_toserver: 10398
+ flow.pkts_toclient: 56
+ flow.pkts_toserver: 57
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 56
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 123
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961940
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 55
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 6
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 10964
+ flow.bytes_toserver: 10398
+ flow.pkts_toclient: 56
+ flow.pkts_toserver: 57
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 56
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 123
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961940
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 55
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 12
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 10964
+ flow.bytes_toserver: 10398
+ flow.pkts_toclient: 56
+ flow.pkts_toserver: 57
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 56
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 123
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961940
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 55
+- filter:
+ count: 1
+ match:
+ alert.action: allowed
+ alert.category: ''
+ alert.gid: 1
+ alert.rev: 0
+ alert.severity: 3
+ alert.signature: ''
+ alert.signature_id: 15
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: alert
+ flow.bytes_toclient: 10964
+ flow.bytes_toserver: 10398
+ flow.pkts_toclient: 56
+ flow.pkts_toserver: 57
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 56
+ nfs.procedure: LOOKUP
+ nfs.status: OK
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 123
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961940
+ src_ip: 139.25.22.2
+ src_port: 1022
+ tx_id: 55
+- filter:
+ count: 1
+ match:
+ dest_ip: 139.25.22.2
+ dest_port: 1022
+ event_type: nfs
+ nfs.file_tx: false
+ nfs.filename: am
+ nfs.id: 56
+ nfs.procedure: LOOKUP
+ nfs.status: ERR_NOENT
+ nfs.type: response
+ nfs.version: 3
+ pcap_cnt: 124
+ proto: UDP
+ rpc.auth_type: UNIX
+ rpc.creds.gid: 0
+ rpc.creds.machine_name: werrmsche
+ rpc.creds.uid: 0
+ rpc.status: ACCEPTED
+ rpc.xid: 1578961940
+ src_ip: 139.25.22.102
+ src_port: 2049
+- filter:
+ count: 1
+ match:
+ app_proto: failed
+ dest_ip: 139.25.22.102
+ dest_port: 1048
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 66
+ flow.bytes_toserver: 158
+ flow.pkts_toclient: 1
+ flow.pkts_toserver: 1
+ flow.reason: shutdown
+ flow.state: established
+ proto: UDP
+ src_ip: 139.25.22.2
+ src_port: 722
+- filter:
+ count: 1
+ match:
+ app_proto: failed
+ dest_ip: 139.25.22.102
+ dest_port: 111
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 90
+ flow.bytes_toserver: 106
+ flow.pkts_toclient: 1
+ flow.pkts_toserver: 1
+ flow.reason: shutdown
+ flow.state: established
+ proto: UDP
+ src_ip: 139.25.22.2
+ src_port: 3299
+- filter:
+ count: 1
+ match:
+ app_proto: nfs
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: flow
+ flow.age: 0
+ flow.alerted: true
+ flow.bytes_toclient: 11038
+ flow.bytes_toserver: 10398
+ flow.pkts_toclient: 57
+ flow.pkts_toserver: 57
+ flow.reason: shutdown
+ flow.state: established
+ proto: UDP
+ src_ip: 139.25.22.2
+ src_port: 1022
+- filter:
+ count: 1
+ match:
+ app_proto: failed
+ dest_ip: 139.25.22.102
+ dest_port: 1048
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 66
+ flow.bytes_toserver: 82
+ flow.pkts_toclient: 1
+ flow.pkts_toserver: 1
+ flow.reason: shutdown
+ flow.state: established
+ proto: UDP
+ src_ip: 139.25.22.2
+ src_port: 3296
+- filter:
+ count: 1
+ match:
+ app_proto: failed
+ dest_ip: 139.25.22.102
+ dest_port: 111
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 90
+ flow.bytes_toserver: 106
+ flow.pkts_toclient: 1
+ flow.pkts_toserver: 1
+ flow.reason: shutdown
+ flow.state: established
+ proto: UDP
+ src_ip: 139.25.22.2
+ src_port: 3295
+- filter:
+ count: 1
+ match:
+ app_proto: failed
+ dest_ip: 139.25.22.102
+ dest_port: 111
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 90
+ flow.bytes_toserver: 106
+ flow.pkts_toclient: 1
+ flow.pkts_toserver: 1
+ flow.reason: shutdown
+ flow.state: established
+ proto: UDP
+ src_ip: 139.25.22.2
+ src_port: 3297
+- filter:
+ count: 1
+ match:
+ app_proto: failed
+ dest_ip: 139.25.22.102
+ dest_port: 1048
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 114
+ flow.bytes_toserver: 158
+ flow.pkts_toclient: 1
+ flow.pkts_toserver: 1
+ flow.reason: shutdown
+ flow.state: established
+ proto: UDP
+ src_ip: 139.25.22.2
+ src_port: 706
+- filter:
+ count: 1
+ match:
+ app_proto: failed
+ dest_ip: 139.25.22.102
+ dest_port: 2049
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 66
+ flow.bytes_toserver: 82
+ flow.pkts_toclient: 1
+ flow.pkts_toserver: 1
+ flow.reason: shutdown
+ flow.state: established
+ proto: UDP
+ src_ip: 139.25.22.2
+ src_port: 3298
projects / thirdparty / suricata-verify.git / commitdiff
