": {
"2": {
"terms": {
"field": "destination_ips.keyword",
"size": 100,
"order": {
"_count": "asc"
}
},
"aggs": {
"3": {
"terms": {
"field": "destination_port",
"size": 5,
"order": {
"_count": "desc"
}
}
}
}
}
},
"size": 0,
"_source": {
"excludes": []
},
"stored_fields": [
"*"
],
"script_fields": {},
"docvalue_fields": [
{
"field": "@timestamp",
"format": "date_time"
},
{
"field": "certificate_not_valid_after",
"format": "date_time"
},
{
"field": "certificate_not_valid_before",
"format": "date_time"
},
{
"field": "creation_date",
"format": "date_time"
},
{
"field": "creation_time",
"format": "date_time"
}
],
"query": {
"bool": {
"must": [
{
"match_all": {}
},
{
"range": {
"@timestamp": {
"gte": 1538861413029,
"lte": 1538947813029,
"format": "epoch_millis"
}
}
},
{
"bool": {
"should": [
{
"term": {
"destination_ip": "192.168.0.0/16"
}
},
{
"term": {
"destination_ip": "10.0.0.0/8"
}
},
{
"term": {
"destination_ip": "172.16.0.0/12"
}
}
]
}
},
{
"bool": {
"should": [
{
"term": {
"source_ip": "192.168.0.0/16"
}
},
{
"term": {
"source_ip": "10.0.0.0/8"
}
},
{
"term": {
"source_ip": "172.16.0.0/12"
}
}
]
}
}
],
"filter": [],
"should": [],
"must_not": []
}
}
}