{ "type": "bundle", "id": "bundle--3abd59a4-2ba9-4b9c-b73f-96ac1a2177ec", "spec_version": "2.0", "objects": [ { "type": "identity", "id": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "name": "qradar", "created": "2020-09-30T16:27:37.320Z", "modified": "2020-09-30T16:27:37.320Z", "identity_class": "events" }, { "id": "observed-data--6f1a4f25-dce5-4b08-97f2-cac1e78729c9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:37.320Z", "modified": "2020-09-30T16:27:37.320Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI0OjU5IDEyNy4wLjAuMSAgW1t0eXBlPWNvbS5ldmVudGdub3Npcy5zeXN0ZW0uVGhyZWFkZWRFdmVudFByb2Nlc3Nvcl1bcGFyZW50PWJlbnRlc3QudGVzdDplY3MtZXAvTVBDL01hZ2lzdHJhdGUxL01QQ11dIGNvbS5pYm0uc2kubXBjLm1hZ2kuT2ZmZW5zZU1hbmFnZXJEZWxlZ2F0ZTogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXTAgQUNUSVZFIG9mZmVuc2VzIG1hZGUgRE9STUFOVCBhZnRlciAxODAwMDAwIG1zZWNzIG9mIDMK" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:24:59.988Z", "last_observed": "2020-09-30T16:25:59.988Z", "number_observed": 1 }, { "id": "observed-data--18a1dc35-8ceb-4609-b73b-d8446f78ee38", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:37.947Z", "modified": "2020-09-30T16:27:37.947Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzA0MF0gU3RhdHMgZm9yIFBhY2tldFNvdXJjZSBOSUM6IGV0aDEgUGFja2V0c0BUaHJlYWQgSW5kZXg6IDAgUGFja2V0cyBSZWNlaXZlZDogMzA5OSBQYWNrZXRzIERyb3BwZWQ6IDAgUGFja2V0IFJhdGU6IDUxL3NlYyBQcm9jZXNzZWQgUGFja2V0IFJhdGU6IDUxL3NlYyBQY2FwQ2FsbEJhY2sgUGFja2V0czogODM4MzEzODkK" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.159Z", "last_observed": "2020-09-30T16:25:00.159Z", "number_observed": 1 }, { "id": "observed-data--17be7260-87f9-4539-bcb5-a7173b7d4805", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:37.966Z", "modified": "2020-09-30T16:27:37.966Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzA0MF0gVG90YWwgUGFja2V0U291cmNlIE5JQzogZXRoMSBUb3RhbCBQYWNrZXRzIHJlY2VpdmVkOiAzMDk5IFRvdGFsIFBhY2tldHMgRHJvcHBlZDogMCBUb3RhbCBQYWNrZXQgUmF0ZTogNTEvc2VjIFRvdGFsIFByb2Nlc3NlZCBQYWNrZXQgUmF0ZTogNTEvc2VjCg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.159Z", "last_observed": "2020-09-30T16:25:00.159Z", "number_observed": 1 }, { "id": "observed-data--769e2680-e483-4c66-9bff-c26258965450", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:37.984Z", "modified": "2020-09-30T16:27:37.984Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzA0MF0gVG90YWwgUGFja2V0U291cmNlIE5JQzogZXRoMCBUb3RhbCBQYWNrZXRzIHJlY2VpdmVkOiA2MjY3IFRvdGFsIFBhY2tldHMgRHJvcHBlZDogMCBUb3RhbCBQYWNrZXQgUmF0ZTogMTA0L3NlYyBUb3RhbCBQcm9jZXNzZWQgUGFja2V0IFJhdGU6IDEwNC9zZWMK" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.159Z", "last_observed": "2020-09-30T16:25:00.159Z", "number_observed": 1 }, { "id": "observed-data--16e1d708-bb0e-40b2-9874-0ac5279faf26", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.005Z", "modified": "2020-09-30T16:27:38.005Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzA0MF0gU3RhdHMgZm9yIFBhY2tldFNvdXJjZSBOSUM6IGV0aDAgUGFja2V0c0BUaHJlYWQgSW5kZXg6IDAgUGFja2V0cyBSZWNlaXZlZDogNjI2NyBQYWNrZXRzIERyb3BwZWQ6IDAgUGFja2V0IFJhdGU6IDEwNC9zZWMgUHJvY2Vzc2VkIFBhY2tldCBSYXRlOiAxMDQvc2VjIFBjYXBDYWxsQmFjayBQYWNrZXRzOiAxNTk1NjExOTUK" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.159Z", "last_observed": "2020-09-30T16:25:00.159Z", "number_observed": 1 }, { "id": "observed-data--41804670-c9c4-4226-b27f-bd9020bd061c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.025Z", "modified": "2020-09-30T16:27:38.025Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzA0MF0gU2VudCAzODYgZmxvd3Mgb24gdHJhbnNwb3J0IGNvbm5lY3Rpb24gdG8gOS4yOC4yMzQuMTY5OjMyMDEwCg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.160Z", "last_observed": "2020-09-30T16:25:00.160Z", "number_observed": 1 }, { "id": "observed-data--9336fa34-4b7d-4b65-b936-7a92fa62019d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.044Z", "modified": "2020-09-30T16:27:38.044Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzA0MF0gSVBGSVggRmxvdyBTb3VyY2UgU3RhdHMgZm9yIGRlZmF1bHRfTmV0ZmxvdzogIHJlY2VpdmVkIGFuZCBwcm9jZXNzZWQgMCBwYWNrZXRzLgo=" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.160Z", "last_observed": "2020-09-30T16:25:00.160Z", "number_observed": 1 }, { "id": "observed-data--15d48186-1125-4b74-b93f-5771db7b2452", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.062Z", "modified": "2020-09-30T16:27:38.062Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzA0MF0gRmxvd3MgaGVsZCBvdmVyIGZvciB0aGUgbmV4dCByZXBvcnRpbmcgaW50ZXJ2YWw6IDEyCg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.160Z", "last_observed": "2020-09-30T16:25:00.160Z", "number_observed": 1 }, { "id": "observed-data--9df4a783-d6dd-400a-a891-5c9b5e3bb1a8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.080Z", "modified": "2020-09-30T16:27:38.080Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzEwMF0gTnVtYmVyIG9mIGZsb3dzIHRoYXQgc2hvdWxkIGJlIHJlcG9ydGVkIGluIHRoZSBpbnRlcnZhbDogMjM0OQo=" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.160Z", "last_observed": "2020-09-30T16:25:00.160Z", "number_observed": 1 }, { "id": "observed-data--2a5e5577-7c84-493f-b205-fbdbe9d8ddbe", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.098Z", "modified": "2020-09-30T16:27:38.098Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzEwMF0gQ3VycmVudCBpbnRlcnZhbCBzdGFydGluZyBpbnB1dCBmbG93IGNvdW50OiAyMzQwCg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.160Z", "last_observed": "2020-09-30T16:25:00.160Z", "number_observed": 1 }, { "id": "observed-data--22ab1ab9-2f1a-4090-975d-a8c750f8481d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.117Z", "modified": "2020-09-30T16:27:38.117Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzEwMF0gVG90YWwgbnVtYmVyIG9mIGFnZ3JlZ2F0YWJsZSBmbG93cyByZWNlaXZlZCBmcm9tIGFsbCBmbG93IHNvdXJjZXM6IDkzNjIK" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.160Z", "last_observed": "2020-09-30T16:25:00.160Z", "number_observed": 1 }, { "id": "observed-data--254f8d73-258d-4494-a6c4-2e20ecc6cd5b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.137Z", "modified": "2020-09-30T16:27:38.137Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzEwMF0gQnl0ZSBjb3VudDogOTk0ODgyCg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.160Z", "last_observed": "2020-09-30T16:25:00.160Z", "number_observed": 1 }, { "id": "observed-data--a0ecd90e-b7cc-4a6a-a7c6-bbb056df7fe0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.156Z", "modified": "2020-09-30T16:27:38.156Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzEwMF0gT3ZlcmZsb3cgY291bnQ6IDAgKENvbXByZXNzZWQ6IDApCg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.160Z", "last_observed": "2020-09-30T16:25:00.160Z", "number_observed": 1 }, { "id": "observed-data--27be2d9f-e9a7-4938-9871-632a6a15c537", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.173Z", "modified": "2020-09-30T16:27:38.173Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzEwMF0gUGFja2V0IGNvdW50OiA5MzYyCg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.160Z", "last_observed": "2020-09-30T16:25:00.160Z", "number_observed": 1 }, { "id": "observed-data--8788c084-c5f5-4119-9418-f5e59f79df7b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.193Z", "modified": "2020-09-30T16:27:38.193Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzEwMF0gVG90YWwgbnVtYmVyIG9mIG5vbi1hZ2dyZWdhdGFibGUgZmxvd3MgcmVjZWl2ZWQgZnJvbSBhbGwgZmxvdyBzb3VyY2VzOiAwCg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.160Z", "last_observed": "2020-09-30T16:25:00.160Z", "number_observed": 1 }, { "id": "observed-data--3919870d-e9bf-403c-8d21-c46198b814bc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.212Z", "modified": "2020-09-30T16:27:38.212Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzEwMF0gTmV3IGlucHV0IGludGVydmFsIHN0YXJ0ZWQK" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.160Z", "last_observed": "2020-09-30T16:25:00.160Z", "number_observed": 1 }, { "id": "observed-data--abf678ae-6b53-4bba-acb8-883b682d711f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.230Z", "modified": "2020-09-30T16:27:38.230Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzEwMF0gU3VwZXJmbG93IGNvdW50OiAxMiAoQ29tcHJlc3NlZDogMTk3NCkK" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.160Z", "last_observed": "2020-09-30T16:25:00.160Z", "number_observed": 1 }, { "id": "observed-data--06868800-6fdc-471a-afb3-f1250c386548", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.249Z", "modified": "2020-09-30T16:27:38.249Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTI5MDkxMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.486Z", "last_observed": "2020-09-30T16:25:00.486Z", "number_observed": 1 }, { "id": "observed-data--a4b2cbbe-86d1-4d70-8319-7a1f45f72589", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.268Z", "modified": "2020-09-30T16:27:38.268Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BdmVyYWdlUGF5bG9hZFNpemVFdmVudHMJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1lY3MtZXAuZWNzLWVwMglWYWx1ZT00MTAuMzg2MzI3NjI4NjAzNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--8ca39781-af10-4694-9119-c2cf19806d2f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.287Z", "modified": "2020-09-30T16:27:38.287Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BdmVyYWdlUmVjb3JkU2l6ZUZsb3dzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9ZWNzLWVwLmVjcy1lcDEJVmFsdWU9MzA3LjQwODIxNDkwNjMwOTY0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.486Z", "last_observed": "2020-09-30T16:25:00.486Z", "number_observed": 1 }, { "id": "observed-data--b5a6ccd9-8f87-4415-a9d7-dceded298f8c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.305Z", "modified": "2020-09-30T16:27:38.305Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVJ1bm5hYmxlUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--b992b08c-c6eb-42b9-948c-169be5fd1dc3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.322Z", "modified": "2020-09-30T16:27:38.322Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BdmVyYWdlUmVjb3JkU2l6ZUV2ZW50cwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWVjcy1lcC5lY3MtZXAyCVZhbHVlPTIzNy4zOTc3NTQxNjUwMjI0Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.486Z", "last_observed": "2020-09-30T16:25:00.486Z", "number_observed": 1 }, { "id": "observed-data--c9e0b0fa-3427-4418-98d1-cd78c3ba7b85", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.340Z", "modified": "2020-09-30T16:27:38.340Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PU5ld1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--b8843323-b2e1-478e-8116-663f5991c614", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.361Z", "modified": "2020-09-30T16:27:38.361Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PUNwdVV0aWwJVmFsdWU9MC4xODA3Nzk3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--2c5a766c-0a07-4aac-852d-1528e89cc17a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.380Z", "modified": "2020-09-30T16:27:38.380Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVRpbWVkV2FpdFJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--ef9e3f33-c211-4ece-85d9-2d92279aebd5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.399Z", "modified": "2020-09-30T16:27:38.399Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVdhaXRpbmdSYXRpbwlWYWx1ZT0xMDAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--a7d2849b-ee74-4029-a2cc-c2bc783f116d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.417Z", "modified": "2020-09-30T16:27:38.417Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVRlcm1pbmF0aW5nUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--decd43ba-23d7-423a-91ba-6babf6e300ea", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.436Z", "modified": "2020-09-30T16:27:38.436Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PUJsb2NrZWRSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--f5043def-91ff-4d06-8ed3-fd0e612d71a6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.454Z", "modified": "2020-09-30T16:27:38.454Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--f006a970-81cd-4cc2-b58b-fb2f323884d8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.472Z", "modified": "2020-09-30T16:27:38.472Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BdmVyYWdlUGF5bG9hZFNpemVGbG93cwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWVjcy1lcC5lY3MtZXAxCVZhbHVlPTg0LjAxMDU3MDMwOTMyNDEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--bd57b8f9-6c70-40e1-b535-54ed9db66006", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.489Z", "modified": "2020-09-30T16:27:38.489Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjU5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--c3cff60e-d91e-43c0-9af0-493cf5953f66", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.507Z", "modified": "2020-09-30T16:27:38.507Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DdXJyZW50SG9zdHNUcmFja2luZ0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--7fc49815-a303-462d-8475-e6b288c5691c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.526Z", "modified": "2020-09-30T16:27:38.526Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFJhdGVFUE1vbglEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMjMuODUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--78dd8ca3-0b08-442b-9bc7-67b80b0c4a82", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.546Z", "modified": "2020-09-30T16:27:38.546Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1DcHVVdGlsCVZhbHVlPTAuMDkzMTc4NDgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--d2530f01-c1f7-4696-af47-ba2d5704bdcd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.566Z", "modified": "2020-09-30T16:27:38.566Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1SdW5uYWJsZVJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--6094408d-a2ef-4967-ab73-e19f0af0986f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.584Z", "modified": "2020-09-30T16:27:38.584Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1OZXdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--82647a19-93d7-4746-94e9-8f0bc4834f38", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.604Z", "modified": "2020-09-30T16:27:38.604Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1XYWl0aW5nUmF0aW8JVmFsdWU9MTAwLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--89d99482-ddaf-493b-9c01-8aae333a47ce", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.622Z", "modified": "2020-09-30T16:27:38.622Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1UaW1lZFdhaXRSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--3972c02b-4c8f-410e-adfb-d63dab49a39b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.640Z", "modified": "2020-09-30T16:27:38.640Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1UZXJtaW5hdGluZ1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--58f43ccc-18f6-4b59-b077-9de631114336", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.657Z", "modified": "2020-09-30T16:27:38.657Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVRdWV1ZVNpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--9eed8d6d-4abb-4264-aece-6005bc39cf49", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.677Z", "modified": "2020-09-30T16:27:38.677Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--b4781226-31ae-47ed-801e-fde70b3f11c0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.696Z", "modified": "2020-09-30T16:27:38.696Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1CbG9ja2VkUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--d6def636-bcc9-4be4-bdb2-2b658d00a42d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.715Z", "modified": "2020-09-30T16:27:38.715Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTExODIzNTEzNgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--c6997534-b173-4eda-94da-4c1de4e111ff", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.736Z", "modified": "2020-09-30T16:27:38.736Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODMwODU3ODYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--903af374-8df7-454b-8ece-c09870337cbe", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.756Z", "modified": "2020-09-30T16:27:38.756Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNjk0NTIwNjQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--3757e4a4-c2db-4e1e-b67d-e23db0ddf490", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.773Z", "modified": "2020-09-30T16:27:38.773Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTcwMzI0NTM1Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--cb994a21-380e-4856-a827-f71775f86922", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.792Z", "modified": "2020-09-30T16:27:38.792Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--f348f102-7aa4-4543-91c2-aeb00b77fc68", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.811Z", "modified": "2020-09-30T16:27:38.811Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMDgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--b0fd4b53-f8ee-4b36-a990-0550369b8911", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.831Z", "modified": "2020-09-30T16:27:38.831Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzA4NTc3MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--769d07b2-ad85-40bf-ba8f-3cee921b450d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.851Z", "modified": "2020-09-30T16:27:38.851Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNTA4NDIwMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--784d6a4e-2cb8-4920-9761-ddfeb9e06f40", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.871Z", "modified": "2020-09-30T16:27:38.871Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTc2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--39a0645d-e8e9-4567-a170-725ffaeb3491", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.890Z", "modified": "2020-09-30T16:27:38.890Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--61d1c6b4-df2e-45a0-8405-abfadc7c242c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.911Z", "modified": "2020-09-30T16:27:38.911Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDA4NzgzNzE5MDU1NjQ0NzQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--44afafa6-1acf-4d14-9e1a-9726159757f7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.954Z", "modified": "2020-09-30T16:27:38.954Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTcwMzI0NTM1Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--21960802-04dd-454a-9766-f359f6b74f51", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.974Z", "modified": "2020-09-30T16:27:38.974Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00NDE2MDkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--2b9d60c7-7f8e-4be8-8f23-ba365d8d51c2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:38.993Z", "modified": "2020-09-30T16:27:38.993Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXdBbmRVcGRhdGVkSG9zdHNDb3VudEN1cnJlbnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--9790e162-41d0-45d4-85fa-5566001a8130", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.013Z", "modified": "2020-09-30T16:27:39.013Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--d710caab-c4c7-4f05-ad64-7a20af59c9bc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.032Z", "modified": "2020-09-30T16:27:39.032Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--1cd4cc3b-6715-4147-9ebc-063352366615", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.050Z", "modified": "2020-09-30T16:27:39.050Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGltZWRXYWl0UmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--47868180-3d12-4f20-8fc2-8864bc0c64e1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.069Z", "modified": "2020-09-30T16:27:39.069Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9Q3B1VXRpbAlWYWx1ZT0wLjQ4MTg5ODAyNQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--dc3a896b-cf07-4f98-bfa0-eeba55dc2e1e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.087Z", "modified": "2020-09-30T16:27:39.087Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9V2FpdGluZ1JhdGlvCVZhbHVlPTEwMC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--75e745d1-f017-49e2-9635-c6d8c469046b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.106Z", "modified": "2020-09-30T16:27:39.106Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9QmxvY2tlZFJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--18c63d18-dd5b-4358-a964-3009e4ba116f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.123Z", "modified": "2020-09-30T16:27:39.123Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9TmV3UmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--acfa7d90-1bfa-4865-8ddb-2a6c94df548a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.141Z", "modified": "2020-09-30T16:27:39.141Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGVybWluYXRpbmdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--dc053e30-be91-4db3-b8d6-f06d915fccd0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.159Z", "modified": "2020-09-30T16:27:39.159Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTExODIzNTEzNgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--fee7cc60-ff6a-4df9-8ebf-6ae39071dc7b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.177Z", "modified": "2020-09-30T16:27:39.177Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTIyMTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--ed5c5933-298b-46f2-861f-975e54afe708", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.196Z", "modified": "2020-09-30T16:27:39.196Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--dce78ed5-1ffe-47af-a319-94bbf2d3047b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.215Z", "modified": "2020-09-30T16:27:39.215Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OdW1BcHBzUmVwb3J0ZWRJbkxhc3RSZXBvcnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--93290303-ede3-4bb2-bf3d-adf19f8d6f24", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.233Z", "modified": "2020-09-30T16:27:39.233Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEyMDQwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--2ec8bae5-e08b-482f-8958-5fe2424a3ca2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.252Z", "modified": "2020-09-30T16:27:39.252Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0UmVwb3J0aW5nVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyNDIyNDM2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--92e7db69-d08c-4192-8815-bbe27db08048", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.270Z", "modified": "2020-09-30T16:27:39.270Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0UmVwb3J0U3RvcHdhdGNoVHhUaW1lTXMJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--e30e8147-b992-45f2-a7b1-984858f36e75", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.291Z", "modified": "2020-09-30T16:27:39.291Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNTUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--0b868a6f-d3da-4671-b485-e30e54347e17", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.308Z", "modified": "2020-09-30T16:27:39.308Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9UnVubmFibGVSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--5e4d6086-842d-4492-93b9-48fc1494ba9c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.325Z", "modified": "2020-09-30T16:27:39.325Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNTA4NDk1MzYwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--6c8b3d46-cda7-4499-9d42-8413e7bd55e8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.343Z", "modified": "2020-09-30T16:27:39.343Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjkwNzgyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--5ff5c051-fed3-4542-b08a-1b6be0c0e5e0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.362Z", "modified": "2020-09-30T16:27:39.362Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjYxMzQwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--e4f7e142-6a9f-4438-b1a5-27988c47a7be", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.382Z", "modified": "2020-09-30T16:27:39.382Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--649806f0-ed77-4670-a5c7-82158ed91791", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.401Z", "modified": "2020-09-30T16:27:39.401Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyU3BpbGxGaWxlc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--6b2ee249-3441-46d8-977a-d0e1296c73be", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.421Z", "modified": "2020-09-30T16:27:39.421Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--280f6809-a47e-47d5-aff7-3c8ea316fe83", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.440Z", "modified": "2020-09-30T16:27:39.440Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyTWF4RmlsZUNvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjUwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--d7a54ea9-e3cf-468d-be6a-c3547b2d4713", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.460Z", "modified": "2020-09-30T16:27:39.460Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zODIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--575bf3d9-d547-40f9-8093-cac49e0aac19", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.480Z", "modified": "2020-09-30T16:27:39.480Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--20c73110-b737-4c98-a8f2-6750cc5c1d49", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.498Z", "modified": "2020-09-30T16:27:39.498Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyRGlza1NpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--fa2ab686-e6c7-4bb2-8fa3-e8b844fe9b45", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.515Z", "modified": "2020-09-30T16:27:39.515Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1JbmdyZXNzVG9FY0Rpc2tTaXplCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--b9fcf23b-aa7f-4ceb-bfa1-9409c64ae92d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.533Z", "modified": "2020-09-30T16:27:39.533Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--03df8a45-2ef8-4c8e-afbe-5ce2845a18a3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.551Z", "modified": "2020-09-30T16:27:39.551Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTM2MTU0MjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--5f15dadb-e9a1-4643-aea4-d7b92cb0c971", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.570Z", "modified": "2020-09-30T16:27:39.570Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9UnVubmFibGVSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--8a3d3961-ad3c-4979-8adb-8bd5a759e1a4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.588Z", "modified": "2020-09-30T16:27:39.588Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9Q3B1VXRpbAlWYWx1ZT0wLjAwNzI2MDEyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--7ec5b181-6963-4722-a723-e40ecc00a23e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.606Z", "modified": "2020-09-30T16:27:39.606Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTA2OTYyOTQ0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--34e0981d-057a-4d53-beb1-45fe15676359", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.625Z", "modified": "2020-09-30T16:27:39.625Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGltZWRXYWl0UmF0aW8JVmFsdWU9MTAwLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--c8f9f000-4d06-4be6-bf40-07821ee1de7e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.646Z", "modified": "2020-09-30T16:27:39.646Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9TmV3UmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--0761cd00-cd66-43be-a5d2-06a5582c07d2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.663Z", "modified": "2020-09-30T16:27:39.663Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9V2FpdGluZ1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--7c7cc5bd-fddd-4b13-a618-cafb1b0f40b1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.680Z", "modified": "2020-09-30T16:27:39.680Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9QmxvY2tlZFJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--cf7ea5cb-4916-496f-8cf9-6f402bd7e327", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.698Z", "modified": "2020-09-30T16:27:39.698Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGVybWluYXRpbmdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--c6fd5a3b-f812-4cbc-be2a-30b3974f595f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.716Z", "modified": "2020-09-30T16:27:39.716Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MjQ5Njk0NQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--66d2f48a-047e-4cf6-b7a1-fdd04b26d190", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.738Z", "modified": "2020-09-30T16:27:39.738Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyNDk2OTMwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--c6afd8db-933b-4b11-80eb-d779c47671f5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.777Z", "modified": "2020-09-30T16:27:39.777Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQwMDQ2NTQxNgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--8015314e-1a5e-4376-8129-bd37c7ce7126", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.817Z", "modified": "2020-09-30T16:27:39.817Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--de41efb0-6e0a-4022-947a-a6035689bb02", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.856Z", "modified": "2020-09-30T16:27:39.856Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTExMzIwMzAwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--9170240e-bab1-48f0-bb4f-00d9cbccc9ad", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.890Z", "modified": "2020-09-30T16:27:39.890Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--c85cfb4a-69dd-45a2-b2e1-51890dbd169b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.919Z", "modified": "2020-09-30T16:27:39.919Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2OQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--9e632a1c-f06c-4ca1-9474-c4f96f586f2d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.943Z", "modified": "2020-09-30T16:27:39.943Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wMDI4MTM1OTY1NTYyMzg0NzQ0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--cc994fa9-42f8-4ddf-bd06-67db69c30325", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.969Z", "modified": "2020-09-30T16:27:39.969Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTM2MTU0MjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--dcbf4123-9fef-45eb-9a4b-1aa50f217da2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:39.992Z", "modified": "2020-09-30T16:27:39.992Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE4ODY3MTMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--d99b27d0-049d-43cf-aeab-d72635246b4c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.019Z", "modified": "2020-09-30T16:27:40.019Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--097be1e3-a8ed-42d0-b516-d4fd1a033343", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.043Z", "modified": "2020-09-30T16:27:40.043Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTA2OTYyOTQ0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--f1893146-ff28-427f-afec-e26a5e3c3257", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.077Z", "modified": "2020-09-30T16:27:40.077Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04Mjg4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--1b9d3611-ea6b-4d6c-81b8-96a7a2d55cf8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.104Z", "modified": "2020-09-30T16:27:40.104Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTIyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--43c5d8c2-b4c5-4b4b-b642-8f6f6d2b4e88", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.124Z", "modified": "2020-09-30T16:27:40.124Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODIxNgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--3a1bd617-248f-464f-a3b8-ac14ecf4153f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.148Z", "modified": "2020-09-30T16:27:40.148Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODEyNjEyNjYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--249cd47b-0611-40fe-b160-e1d94302a50f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.166Z", "modified": "2020-09-30T16:27:40.166Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM3Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--ec4e4109-fee7-4d9f-aebc-92f79ff617b5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.185Z", "modified": "2020-09-30T16:27:40.185Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQ5NTgyODk5Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--1527b698-ebf5-4aef-8c7e-fa85a9e3e33c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.206Z", "modified": "2020-09-30T16:27:40.206Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--436ba608-c2f4-45ec-9887-7d3f5a2ee896", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.236Z", "modified": "2020-09-30T16:27:40.236Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1JbmdyZXNzVG9FY1NwaWxsRmlsZXNDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--2fb3206f-967d-46d0-b84c-1d4bb7b1cf07", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.277Z", "modified": "2020-09-30T16:27:40.277Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--d23b41cb-1242-4091-8137-901e42e7bfbc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.304Z", "modified": "2020-09-30T16:27:40.304Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--82e52e19-81e3-4226-ab35-29a92da0eaaf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.327Z", "modified": "2020-09-30T16:27:40.327Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjQ1MzA5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--e3ce89fb-8c7c-48ae-b9ce-37dbc76ed8b5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.346Z", "modified": "2020-09-30T16:27:40.346Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--83b87168-b248-445a-933c-689da9200be3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.365Z", "modified": "2020-09-30T16:27:40.365Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--324805e9-a29b-4a1b-8788-1281b5978914", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.392Z", "modified": "2020-09-30T16:27:40.392Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTc5ODUwNTMxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--26531f9e-ebe8-42a2-b433-0587f17e9e94", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.420Z", "modified": "2020-09-30T16:27:40.420Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTQwNjA3NDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--bf0385b2-2bfa-4fed-b6f7-d89c1d5999e1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.443Z", "modified": "2020-09-30T16:27:40.443Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4Mjg2MDA5MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--0f9200e2-3433-4bc5-98ee-531230f4f2bb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.470Z", "modified": "2020-09-30T16:27:40.470Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwNzg1NDg4MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--1efb4e54-2ad0-45a0-b716-03861c59767e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.505Z", "modified": "2020-09-30T16:27:40.505Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyODYwMDY3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--428f4e7c-dacd-47a0-bd4b-493a54056627", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.535Z", "modified": "2020-09-30T16:27:40.535Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE1MTg4MDAwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--8586fdfa-4475-41af-a039-75c40b1e7449", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.560Z", "modified": "2020-09-30T16:27:40.560Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--debb75db-67da-4019-982d-3113d89a1862", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.585Z", "modified": "2020-09-30T16:27:40.585Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTYyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--26acbfe8-1bd7-4fcd-a52d-efa9a21cf7f9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.607Z", "modified": "2020-09-30T16:27:40.607Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--b1ee2ef7-8a37-47e5-b1e4-6d43ac870222", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.630Z", "modified": "2020-09-30T16:27:40.630Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9My43Nzg1OTEwMDQ4NjAzOEUtNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--e9fc18a2-862e-4a38-a70a-37b9754eb974", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.653Z", "modified": "2020-09-30T16:27:40.653Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTQwNjA3NDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--6a0bcfb6-1d03-46b8-afec-e05c0c94d7e4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.677Z", "modified": "2020-09-30T16:27:40.677Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--d06e7726-1d95-4a4c-8ed2-21a3ba8153b7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.703Z", "modified": "2020-09-30T16:27:40.703Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM0NDE1Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--c0e43bb4-2190-46ba-a301-c2e515a346c7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.732Z", "modified": "2020-09-30T16:27:40.732Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--2c53b6b4-25ee-4c0d-9d8c-97428b7275b0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.755Z", "modified": "2020-09-30T16:27:40.755Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTc5ODUwNTMxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--53abed32-7071-4480-bf82-ba2ca253be2a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.777Z", "modified": "2020-09-30T16:27:40.777Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTg3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--591fe894-070c-4cb7-9fc0-8854f4b5b5c1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.798Z", "modified": "2020-09-30T16:27:40.798Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODUwMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--d9ff8ec6-eb45-4891-8b51-02665ec20e89", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.818Z", "modified": "2020-09-30T16:27:40.818Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04NTU0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--92f5bbe9-7a43-42cb-ae25-dfa447421a72", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.837Z", "modified": "2020-09-30T16:27:40.837Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODEyNDUyNDgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--ac8867eb-a545-45d1-b6d2-8c74c79d6cf7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.861Z", "modified": "2020-09-30T16:27:40.861Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTg0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--12c1133e-96ba-45cd-b891-d22a41bff86e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.882Z", "modified": "2020-09-30T16:27:40.883Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--7af07527-b64e-4db6-85ca-ec5b18b04626", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.902Z", "modified": "2020-09-30T16:27:40.902Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTMxNTM2NzQyNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--abe46172-53d9-492a-bcf4-2a8d41faaf65", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.922Z", "modified": "2020-09-30T16:27:40.922Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTQxODE3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--c5d4a5c1-fd44-47d8-b911-a85edb3da1ca", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.942Z", "modified": "2020-09-30T16:27:40.942Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--c6ea8c92-4be3-400c-afaa-56e690562ef1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.962Z", "modified": "2020-09-30T16:27:40.962Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--f253b770-04e8-408c-b02a-b45e3c857e4d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:40.983Z", "modified": "2020-09-30T16:27:40.983Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--fd6bbf3d-d281-4a60-9512-e3b59943daae", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.001Z", "modified": "2020-09-30T16:27:41.001Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTMyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--63dc757a-d3b8-4e33-8d1d-e88cc2e5026f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.021Z", "modified": "2020-09-30T16:27:41.021Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgzNzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--d5405be0-4e52-4e07-b412-85a64e454941", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.041Z", "modified": "2020-09-30T16:27:41.041Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--70ad67ce-1b4b-4940-8531-9ff9f009206c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.059Z", "modified": "2020-09-30T16:27:41.059Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMTUxNTk0ODgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--38cbb70f-2577-4388-a484-eae446c9891e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.076Z", "modified": "2020-09-30T16:27:41.076Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODMwNTM2NzUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--2f1c9f12-8b04-4ae8-9440-fcf9a80d49f9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.092Z", "modified": "2020-09-30T16:27:41.092Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzA1MzY1Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--27a6c33b-17f8-4009-8128-c82973d79713", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.109Z", "modified": "2020-09-30T16:27:41.109Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--cf0fc913-3801-49f9-9f9e-f52752dcfa4c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.124Z", "modified": "2020-09-30T16:27:41.124Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00NjMwMjAwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--19b9b3c7-de2e-46a7-8a7d-fc57fa405676", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.139Z", "modified": "2020-09-30T16:27:41.139Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01NAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--d539543e-9e26-4541-9084-74023507ca82", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.156Z", "modified": "2020-09-30T16:27:41.156Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NzkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--dfd91449-7d14-4944-b88c-2825d83c2f74", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.171Z", "modified": "2020-09-30T16:27:41.171Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--c387b973-89a2-4ee8-bbc6-27c9053a39ad", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.188Z", "modified": "2020-09-30T16:27:41.188Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDAxMTUyNTU3ODc5NzM5MjAwOAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--e317507a-7055-44f3-bd65-a5437692fccf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.216Z", "modified": "2020-09-30T16:27:41.216Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--7c890119-a58f-4225-9a90-e77672170317", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.239Z", "modified": "2020-09-30T16:27:41.239Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgzNzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--b6d7df82-7c2a-4f78-8d13-2b096f748d7e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.260Z", "modified": "2020-09-30T16:27:41.260Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--22c471a4-f942-414d-a7ff-64498450150a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.288Z", "modified": "2020-09-30T16:27:41.288Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNTgyODAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--ef218245-ec72-454c-a6c3-f1841552c999", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.311Z", "modified": "2020-09-30T16:27:41.311Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--f0042940-1363-4912-bb36-0b57ec89391f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.334Z", "modified": "2020-09-30T16:27:41.334Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--3e16b4d7-fdd0-44db-9912-73e7e4a1de8c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.356Z", "modified": "2020-09-30T16:27:41.356Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTA5MzAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--12ce0c8b-95a9-4038-93bd-19aa545b1903", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.382Z", "modified": "2020-09-30T16:27:41.382Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--790bc80c-b7eb-4669-99b0-6a12a71ed078", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.405Z", "modified": "2020-09-30T16:27:41.405Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxNDE4MDE2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--985a83af-43db-4ee0-952d-daa0ab644098", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.428Z", "modified": "2020-09-30T16:27:41.428Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--4f3f2276-bb17-4cc1-99c8-89be32c6deaa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.457Z", "modified": "2020-09-30T16:27:41.457Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNzI0MTI2NzIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--1c4b014c-ac65-45c7-b461-fdfef28fe6b0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.481Z", "modified": "2020-09-30T16:27:41.481Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwODUxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--f98ae707-88e6-4a8e-a51d-945b2d188055", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.502Z", "modified": "2020-09-30T16:27:41.503Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTI2NDE1Mwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--2e6e29fe-5ed4-4156-adae-ede86440719d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.525Z", "modified": "2020-09-30T16:27:41.525Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--7a60839c-0bb8-4b65-a2ab-d6bdd9a0c3ee", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.549Z", "modified": "2020-09-30T16:27:41.549Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--84bd2b73-89f4-43fb-9599-370d0c177c7d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.573Z", "modified": "2020-09-30T16:27:41.573Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgzNzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--3cdd5832-12aa-4432-a4d2-692e15ed17f1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.593Z", "modified": "2020-09-30T16:27:41.593Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--ba1a4500-022d-485b-afd9-4bc8948437af", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.613Z", "modified": "2020-09-30T16:27:41.613Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NjkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--d39e74f1-4237-4888-933c-aa6a92f7c3b2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.633Z", "modified": "2020-09-30T16:27:41.633Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODI5NjUwNDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--5941c0a7-6796-4dd7-9024-14f94fdd8a6d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.655Z", "modified": "2020-09-30T16:27:41.655Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--7ff554cc-6edb-48f6-af9a-4cde5df4d9e9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.675Z", "modified": "2020-09-30T16:27:41.675Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03Mzk2MjQ1Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--ca11f643-2140-4143-b9a9-97eb1fd35028", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.694Z", "modified": "2020-09-30T16:27:41.694Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--180e5548-f6ca-44cc-a464-de3f689dfe43", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.713Z", "modified": "2020-09-30T16:27:41.713Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--267dda78-f531-41c8-bfdf-a3ffbc6d11c6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.733Z", "modified": "2020-09-30T16:27:41.733Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNTQ2MTAwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--c083743e-12c7-4607-a131-62d1ece62acf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.753Z", "modified": "2020-09-30T16:27:41.753Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4Mjk2NTAzMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--e9e3e878-d7d6-4b47-955d-fd29eca06145", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.772Z", "modified": "2020-09-30T16:27:41.772Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MzkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--22761547-c356-4400-a904-42053bd62980", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.791Z", "modified": "2020-09-30T16:27:41.791Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--8993824d-4d1e-4cf2-ae63-2fc90f6463b8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.811Z", "modified": "2020-09-30T16:27:41.811Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNDI1NzUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--a773f8a9-5d20-44a5-ba6c-ec0c72f0bb44", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.831Z", "modified": "2020-09-30T16:27:41.831Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTMuODQyNzI1NzY2ODQ1Nzk3RS00Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--4043e48a-d2c2-4e56-95e3-a63189dac60b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.854Z", "modified": "2020-09-30T16:27:41.854Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--1e10d9c2-73d1-4c20-972c-d2f1c65c0441", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.873Z", "modified": "2020-09-30T16:27:41.873Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--3a0be9ed-f2f0-4141-a8d2-4dfbe7906f4c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.894Z", "modified": "2020-09-30T16:27:41.894Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--a8af2d95-f214-4e47-bb34-f2d353aacbfa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.913Z", "modified": "2020-09-30T16:27:41.913Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgzNzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--bdf5c580-4ee7-4916-9dad-4fa46946af01", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.933Z", "modified": "2020-09-30T16:27:41.933Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NzMyOQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--dccdceae-da98-491e-8f80-1375d2dac498", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.953Z", "modified": "2020-09-30T16:27:41.953Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTcyOTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--ff2474c9-66c6-4d6a-838b-3064d325d116", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.973Z", "modified": "2020-09-30T16:27:41.973Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--3fcbd17f-18e4-4ea1-8c36-d80ff49985b8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:41.992Z", "modified": "2020-09-30T16:27:41.992Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xOTY1ODM0MjQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--88f75b95-6c60-4ad7-bbaf-0f3bc84603fb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.011Z", "modified": "2020-09-30T16:27:42.011Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--635f5a3a-98cb-41b4-bef0-acfc23be3dcd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.032Z", "modified": "2020-09-30T16:27:42.032Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--40d62260-7302-475e-8016-5b29c410862a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.051Z", "modified": "2020-09-30T16:27:42.052Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE1OTk5NTQ4MDcyNDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--728332f7-ab55-4272-bd35-54b4446ecc73", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.071Z", "modified": "2020-09-30T16:27:42.071Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFVwZGF0ZVJlc29sdXRpb25NYW5hZ2VyU3BpbGxGaWxlc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--9d9434ff-6734-4635-bfec-5da527c27af6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.090Z", "modified": "2020-09-30T16:27:42.090Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjY0MTAzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--1c3fc6e8-adf5-4ccc-a0fb-e95f97d0fa5c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.109Z", "modified": "2020-09-30T16:27:42.109Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--5c64c08b-20e3-49e8-8251-8086fc9e0ee3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.128Z", "modified": "2020-09-30T16:27:42.128Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVTbmFwc2hvdEVsZW1lbnRDb3VudE9uRGlzawlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--ce72bf40-352c-4c6d-9911-98c8977f359e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.147Z", "modified": "2020-09-30T16:27:42.147Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--dfaa4b2c-a105-44c8-8f32-b5b4d173b8a2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.179Z", "modified": "2020-09-30T16:27:42.179Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVTbmFwc2hvdFNwaWxsb3ZlclRocmVzaG9sZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTUwMDAwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--ad71cd9a-d674-4204-bb82-018677d08f09", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.211Z", "modified": "2020-09-30T16:27:42.211Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--85fd387e-90cd-415a-a56b-e767a515c4e7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.275Z", "modified": "2020-09-30T16:27:42.275Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMzEyNTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--68d84a9c-127b-48ca-b17e-1a562fb9f62d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.303Z", "modified": "2020-09-30T16:27:42.303Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMjU4MzMyMTYwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--45fdfe27-6d4b-488d-8246-9df2d6b99bee", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.325Z", "modified": "2020-09-30T16:27:42.325Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJUb3BUaWVyU3BpbGxGaWxlc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--8e3db1d8-9eed-4693-9d62-e1373cc66f6a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.345Z", "modified": "2020-09-30T16:27:42.345Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODI4ODUwMTgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--ffa1c45c-34fb-49e1-a6ff-39b7633f6da6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.366Z", "modified": "2020-09-30T16:27:42.366Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTM1NjA5Njk2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--5b20450b-02ef-4c6c-be49-6b32b96c54a6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.388Z", "modified": "2020-09-30T16:27:42.388Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--3da8035a-33c3-4db4-8ffd-8ba33f2859ac", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.408Z", "modified": "2020-09-30T16:27:42.408Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyODg1MDMxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--428fd435-7b5f-41eb-a427-90ffbbdf0143", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.427Z", "modified": "2020-09-30T16:27:42.427Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjM4MjcwMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--d71b981c-54eb-490d-a595-171acb919daa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.447Z", "modified": "2020-09-30T16:27:42.447Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NDgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--c174b458-d914-4e31-acfd-27e6b2f379ea", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.467Z", "modified": "2020-09-30T16:27:42.467Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJCb3R0b21UaWVyU3BpbGxGaWxlc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--e3aaf98e-8d78-47b0-af4e-c6ce44f04d4e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.489Z", "modified": "2020-09-30T16:27:42.489Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01Ljk1MDEyNzY4NDI5MTMxNUUtNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--c2b3eb76-fff0-43f1-92ed-89b883f201e9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.509Z", "modified": "2020-09-30T16:27:42.509Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMzEyNTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--d25e0ac1-c611-4f1e-a879-615d03a3628c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.530Z", "modified": "2020-09-30T16:27:42.530Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--091df8da-51de-4f3c-863a-2a0487a5cc84", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.554Z", "modified": "2020-09-30T16:27:42.554Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MzQyOTA2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--04a1357c-b3c1-4e1b-b070-d05ab57dbaa6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.576Z", "modified": "2020-09-30T16:27:42.576Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--8acc1588-3f71-4291-9d0d-87a43e803886", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.599Z", "modified": "2020-09-30T16:27:42.599Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJUb3BUaWVyTWF4RmlsZUNvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--6e2a397c-7bda-43df-b556-9a7c9d959dc5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.623Z", "modified": "2020-09-30T16:27:42.623Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFVwZGF0ZVJlc29sdXRpb25NYW5hZ2VyTkVsZW1lbnRzT25EaXNrCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--0a315fdd-ffca-46e3-bbac-8a2633583206", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.646Z", "modified": "2020-09-30T16:27:42.646Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--06a6842b-27ac-4c0b-bd6b-5eccfeef2bdb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.669Z", "modified": "2020-09-30T16:27:42.669Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMjU4MzMyMTYwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--7ed68b1b-bfd3-49db-9f77-e82e414f622b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.691Z", "modified": "2020-09-30T16:27:42.691Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFVwZGF0ZVJlc29sdXRpb25NYW5hZ2VyTWF4RmlsZUNvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--ae2a43c4-973a-409c-a84b-536f436a9e51", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.714Z", "modified": "2020-09-30T16:27:42.714Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MzgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--55741e27-ae15-41a6-a3a9-b039c14db63a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.738Z", "modified": "2020-09-30T16:27:42.738Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTkxNjcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--630c6f94-473a-4c73-911d-062d2a5cf1ef", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.760Z", "modified": "2020-09-30T16:27:42.760Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT05MTY3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--48acf941-dca2-4a99-8038-c356b9927813", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.783Z", "modified": "2020-09-30T16:27:42.783Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJCb3R0b21UaWVyTWF4RmlsZUNvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--32c42d9c-c200-4b09-b5ca-23fba16c27ef", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.807Z", "modified": "2020-09-30T16:27:42.807Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTU5OTk1NDgwNzI0Mwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--9e6cb55f-1cec-4700-8b6d-5796cbddbb3b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.831Z", "modified": "2020-09-30T16:27:42.831Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9OTkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--d5d321de-5db0-4835-97fe-12a63abdda55", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.856Z", "modified": "2020-09-30T16:27:42.856Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVTbmFwc2hvdEVsZW1lbnRDb3VudEluTWVtb3J5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--ca158f53-bca5-4d67-90d4-dbed981f4f3e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.877Z", "modified": "2020-09-30T16:27:42.877Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTgyODcwMDE2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--6c91dc7a-9958-42da-bf06-a4c0e719ac79", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.900Z", "modified": "2020-09-30T16:27:42.900Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJUb3BUaWVyTkVsZW1lbnRzT25EaXNrCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--01d0bcee-951b-4b66-8781-7db655db4b0c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.925Z", "modified": "2020-09-30T16:27:42.925Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJCb3R0b21UaWVyTkVsZW1lbnRzT25EaXNrCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--22a3a13f-2905-43f7-af89-de2bbb3cb631", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.949Z", "modified": "2020-09-30T16:27:42.949Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjY5OTA4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--ebc0155d-8d9e-421c-8384-17dd0315d78c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:42.976Z", "modified": "2020-09-30T16:27:42.976Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--9a6e3c27-7495-42de-92ab-511ead860a65", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.000Z", "modified": "2020-09-30T16:27:43.000Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.487Z", "last_observed": "2020-09-30T16:25:00.487Z", "number_observed": 1 }, { "id": "observed-data--08ec4849-a76c-441b-881a-abb8a976a7a4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.024Z", "modified": "2020-09-30T16:27:43.024Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zMDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--d94da63b-187e-495e-9a5a-389256014554", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.047Z", "modified": "2020-09-30T16:27:43.047Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--17c91c9d-294c-4590-bd87-a6508fb907bc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.071Z", "modified": "2020-09-30T16:27:43.071Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--f4eb3e2e-d4f5-4486-9228-ab3e370cf86a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.093Z", "modified": "2020-09-30T16:27:43.093Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub21jYXRDUFVVc2FnZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDAxMTM0MDQwOTU4MDYzOTc1Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--3708614a-2abe-4692-8fe9-c4503a5fd7e4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.115Z", "modified": "2020-09-30T16:27:43.115Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Mjc2NTkzNjIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--9c1ee0e7-5c92-4cda-82ef-c4d93d618c12", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.136Z", "modified": "2020-09-30T16:27:43.136Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NjE2MTUzOTUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--9202aad7-539d-4fc5-baf9-b1215a571f43", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.157Z", "modified": "2020-09-30T16:27:43.157Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4Mjc2MjkxMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--3b2b7eb3-35b9-490b-ad35-078287a77ed4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.177Z", "modified": "2020-09-30T16:27:43.177Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyNzYyODczCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--c845ef79-7f48-4f0c-b84a-f15a906a4cab", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.197Z", "modified": "2020-09-30T16:27:43.197Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--dcdebf03-079b-439a-9cbc-8e2ccf156cfc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.218Z", "modified": "2020-09-30T16:27:43.218Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQ2MTA5MDAwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--5638bb30-7dd4-42ad-bf94-e6075edc5d02", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.239Z", "modified": "2020-09-30T16:27:43.239Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTExNDQxMTA2OTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--ddddf470-a048-4a32-819f-bc94d76e3f36", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.258Z", "modified": "2020-09-30T16:27:43.258Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTI2OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--6e003f59-9162-4c29-8d64-4b81bc1c7465", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.278Z", "modified": "2020-09-30T16:27:43.278Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMzg4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--02a1270e-9c8e-4659-8f9c-d109e57e61f8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.296Z", "modified": "2020-09-30T16:27:43.296Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--523ed9ec-e6b8-4b7c-80af-5ee5392c27e3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.317Z", "modified": "2020-09-30T16:27:43.317Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub21jYXRTZXNzaW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--999e5331-fd77-4360-8fb7-0d91171dccb7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.339Z", "modified": "2020-09-30T16:27:43.339Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQ2MDY1MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--a4d826db-eb8d-4d27-b3a8-4fff95e6921c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.359Z", "modified": "2020-09-30T16:27:43.359Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wMDExOTYzMjY5ODMzNjE1MDc2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--f19c894d-5b79-463c-9801-51f9ee250d1b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.380Z", "modified": "2020-09-30T16:27:43.380Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Mjc2NTkzNjIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--43897683-8ade-49ba-9413-1f47e300a338", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.400Z", "modified": "2020-09-30T16:27:43.400Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--60c2dca9-188f-48b1-a83e-749fba194799", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.420Z", "modified": "2020-09-30T16:27:43.420Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjY0NjIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--54865571-ae92-4a0f-8e74-7b5abde7f542", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.440Z", "modified": "2020-09-30T16:27:43.440Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NjE2MTUzOTUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--2b61ae31-02df-48a4-9f84-e483a69a02af", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.460Z", "modified": "2020-09-30T16:27:43.460Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNzg1MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--6926e5db-8011-47c5-836a-827144668b7e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.480Z", "modified": "2020-09-30T16:27:43.480Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE0OQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--7fd4c75a-c2b3-4cc4-9f21-d318f74fc817", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.498Z", "modified": "2020-09-30T16:27:43.498Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTI5OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--568c9ca9-b178-41f6-92c8-037b6cf12f46", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.518Z", "modified": "2020-09-30T16:27:43.518Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE1MTAwMTkwNzIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--fdffb612-e2d4-4eca-8a4f-7d9d3989f387", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.538Z", "modified": "2020-09-30T16:27:43.538Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODEyNjk1MjYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--d42230f2-ffe2-43fc-9e09-c367d83e406d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.558Z", "modified": "2020-09-30T16:27:43.558Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMzE3NzkzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--6a60b842-c074-4035-b23d-9d30a8dd5f1e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.577Z", "modified": "2020-09-30T16:27:43.577Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--83539636-9718-4103-94c5-017305b78b77", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.596Z", "modified": "2020-09-30T16:27:43.596Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--e5c94c4a-8aa5-4fe3-ae95-c6ae32e25efa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.615Z", "modified": "2020-09-30T16:27:43.615Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--755175ef-e7e4-49d8-a68d-6e3ffdf6213f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.634Z", "modified": "2020-09-30T16:27:43.634Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--fd26d8a4-9e26-413f-9a47-e54581d2655e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.653Z", "modified": "2020-09-30T16:27:43.653Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--d0feec26-d30f-44fd-a148-67e39a244078", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.670Z", "modified": "2020-09-30T16:27:43.670Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--a397d78e-64d0-44a1-b0c1-5dc87e3b47b3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.689Z", "modified": "2020-09-30T16:27:43.689Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ3OTc2MDA0NQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--386882f7-67f5-4e5a-9300-b1f61368d7ef", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.706Z", "modified": "2020-09-30T16:27:43.706Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE3MTM1Nzg5Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--806b2a7a-d799-4e7a-8e2c-fb11c00ada51", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.727Z", "modified": "2020-09-30T16:27:43.727Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODM3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--90d6d400-9469-4bac-9770-c7c41e5c08a7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.745Z", "modified": "2020-09-30T16:27:43.745Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEzMjM3MDAwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--2015ec24-0b19-44a4-90e0-eeaeae36348b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.763Z", "modified": "2020-09-30T16:27:43.763Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--4fdf7f25-2a3a-4d76-b831-5a2306004bad", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.782Z", "modified": "2020-09-30T16:27:43.782Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDc5NzYwMDMzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--fa6bea5f-16dc-416c-b3b7-a144ae4f91c6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.801Z", "modified": "2020-09-30T16:27:43.801Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9My4yNTEzNzAwOTY5NzMxNjA2RS00Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--4cbb9e1b-ebd6-48ab-98ed-fc040ed58b71", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.819Z", "modified": "2020-09-30T16:27:43.819Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--7d07a761-4974-4c1a-83f6-1ce6aa8fb861", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.837Z", "modified": "2020-09-30T16:27:43.837Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--39fc1cfb-f3e3-4419-bd19-ad40c4dd77bd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.854Z", "modified": "2020-09-30T16:27:43.854Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--1a4f141f-a92b-4bab-b742-620e9349a197", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.870Z", "modified": "2020-09-30T16:27:43.870Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODM3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--f3be8d6d-68a9-4765-82a5-08b9d6ccc277", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.888Z", "modified": "2020-09-30T16:27:43.888Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--ab1e29dc-7de3-4e61-90d9-bb2d2ce12d24", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.904Z", "modified": "2020-09-30T16:27:43.904Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--5493fcdc-7153-4b07-b875-718d104a63ad", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.921Z", "modified": "2020-09-30T16:27:43.921Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--f1a7ccab-b1ca-422a-acf3-04bcaca63ba7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.938Z", "modified": "2020-09-30T16:27:43.938Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM0NTk2NQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--0713013f-dc56-4bac-b56e-bf22ce517a29", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.954Z", "modified": "2020-09-30T16:27:43.954Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NzU5NQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--f9716fa0-53fa-4adf-85f6-f32a60aa0e98", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.971Z", "modified": "2020-09-30T16:27:43.971Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03NjMyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--0824342b-4738-4500-a7a7-dbbcede2ce6d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:43.988Z", "modified": "2020-09-30T16:27:43.988Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTUzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--183f723f-0a1a-4c23-8471-5fb4d3ccf55a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.005Z", "modified": "2020-09-30T16:27:44.005Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTI2MTQ1MTc3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--fcc5b2c2-195e-441a-a977-7c890e8777b8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.021Z", "modified": "2020-09-30T16:27:44.021Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODEzMTc2NzkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--0309ece6-6a8b-4643-bea7-4c16c057a933", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.038Z", "modified": "2020-09-30T16:27:44.038Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--e4be959a-0843-469c-a959-fdd130680f82", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.056Z", "modified": "2020-09-30T16:27:44.056Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTI5MTA0Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--bca1ae98-c8c7-404c-ac19-4a3ce7bd370f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.073Z", "modified": "2020-09-30T16:27:44.073Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.488Z", "last_observed": "2020-09-30T16:25:00.488Z", "number_observed": 1 }, { "id": "observed-data--282a93ed-ff1d-44a9-ad2e-5159a2f0f233", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.091Z", "modified": "2020-09-30T16:27:44.091Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--1242935a-3af5-40c0-b8c4-f201290c8543", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.108Z", "modified": "2020-09-30T16:27:44.108Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--be24768a-2ae2-45fc-b4a4-a83c9226521d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.125Z", "modified": "2020-09-30T16:27:44.125Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgyMTE3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--958d3edb-4531-413a-a446-540506385e43", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.142Z", "modified": "2020-09-30T16:27:44.142Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--91f82353-8b7b-416e-a9c4-95fc08128eda", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.159Z", "modified": "2020-09-30T16:27:44.159Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODI3NjUwNjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--18f8cb30-fc61-4d71-9b80-dacd59b0caf4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.175Z", "modified": "2020-09-30T16:27:44.175Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--9e39d745-e4de-4f4a-87cd-032526446385", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.191Z", "modified": "2020-09-30T16:27:44.191Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT05NjU1OTY2NAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--ffdf6355-2239-48d1-a912-d58f8cb54f04", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.207Z", "modified": "2020-09-30T16:27:44.207Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xODIwMTAwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--f1a5ddc9-1a70-4f5d-8cd9-b47d603c3ad2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.223Z", "modified": "2020-09-30T16:27:44.223Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--06cfeb8c-3c08-40a7-8093-6cd4f36cc901", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.238Z", "modified": "2020-09-30T16:27:44.238Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4Mjc2NTA2MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--6901a1d1-64fb-44e5-9e7e-0f602fe92796", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.254Z", "modified": "2020-09-30T16:27:44.254Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MzUxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--a54c354a-0af7-4048-be65-a3a0a5547ee9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.270Z", "modified": "2020-09-30T16:27:44.270Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--952ff189-40e2-476c-b528-6b8d399a5612", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.287Z", "modified": "2020-09-30T16:27:44.287Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQuNTIyNDkyOTYwNTg0MjMyRS00Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--47037088-ca25-4692-ab64-f66f24062c6b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.305Z", "modified": "2020-09-30T16:27:44.305Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgyMTE3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--c9f60a34-6025-4d47-90bf-fb99a40c31ae", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.325Z", "modified": "2020-09-30T16:27:44.325Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--36debc24-e6d9-4812-9755-84150dc2ced0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.343Z", "modified": "2020-09-30T16:27:44.343Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--24d47840-a9c9-475e-b542-313fc605c7c9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.362Z", "modified": "2020-09-30T16:27:44.362Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNTgxMjYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--a8c2dbe7-42e5-41c4-9aac-9a466920a6b4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.383Z", "modified": "2020-09-30T16:27:44.383Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--9fd6311c-61c0-4f20-b357-90f6a2b22c51", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.401Z", "modified": "2020-09-30T16:27:44.401Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTg0NzMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--463eeaa9-fb3a-4a3b-b0f6-6ca675bc14a4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.419Z", "modified": "2020-09-30T16:27:44.419Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--34b19293-a531-4e77-aaac-2502d1096730", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.439Z", "modified": "2020-09-30T16:27:44.439Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODgyNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--588e04d6-30c3-4fa9-b3d6-baa5ed0bac33", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.458Z", "modified": "2020-09-30T16:27:44.458Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--9d01c71e-24bb-4333-a754-cb849040a777", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.475Z", "modified": "2020-09-30T16:27:44.475Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjkwOTE5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--40e58174-baf8-4aef-a606-fb61fb512e84", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.491Z", "modified": "2020-09-30T16:27:44.491Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xODg1OTIxMjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--72cd95a4-d702-4df7-8545-b90d2e49dd17", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.507Z", "modified": "2020-09-30T16:27:44.507Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXRpbGl6YXRpb25EZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEyCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--db56419a-3ca5-42a0-84f6-beaa3bdc60a0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.523Z", "modified": "2020-09-30T16:27:44.523Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--a8be3d54-3230-4dd9-bb56-1d24d775ab0b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.539Z", "modified": "2020-09-30T16:27:44.539Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXRpbGl6YXRpb25EZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEJVmFsdWU9MC43Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--94d635f6-c7a1-43d1-8651-e18edf66904c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.556Z", "modified": "2020-09-30T16:27:44.556Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXRpbGl6YXRpb25EZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGExCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--84bd380a-a03a-4a5f-8c06-c31593c5a63a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.573Z", "modified": "2020-09-30T16:27:44.573Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTA1MTQ3Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--ad19f974-8dbd-4341-a5b4-94bcd48054c8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.590Z", "modified": "2020-09-30T16:27:44.590Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vZGV2CVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--32853719-463f-4d9a-9419-5898ca580a6f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.606Z", "modified": "2020-09-30T16:27:44.606Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--84bce5d0-2112-4a54-948c-4e823a70ef32", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.623Z", "modified": "2020-09-30T16:27:44.623Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vc3lzL2ZzL2Nncm91cAlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--3a417dca-3cea-4f60-a9d8-be10d4e55b7b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.638Z", "modified": "2020-09-30T16:27:44.638Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vYm9vdAlWYWx1ZT0wLjE3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--2078b571-ed09-4964-89dd-4a0d54c7af62", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.654Z", "modified": "2020-09-30T16:27:44.655Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vCVZhbHVlPTAuMzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--169444f7-51d2-4883-8e16-66285b918778", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.673Z", "modified": "2020-09-30T16:27:44.674Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vcnVuL3VzZXIvMAlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--7a1ac121-4567-4cc4-bf8f-7ebfe0babfc4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.694Z", "modified": "2020-09-30T16:27:44.694Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vZGV2L3NobQlWYWx1ZT0wLjAxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--4d5bf0c9-9cb5-4f32-b5b8-e8a0b3e40f9c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.714Z", "modified": "2020-09-30T16:27:44.714Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Jb1dhaXQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wNQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--82559b48-ec83-4cd1-aef9-1e37a3dbe8e3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.733Z", "modified": "2020-09-30T16:27:44.733Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkQXZnMTUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Ni4yMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--cf302d98-8786-4c16-ae4c-4f3aff0a3aa9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.752Z", "modified": "2020-09-30T16:27:44.752Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vcnVuCVZhbHVlPTAuMTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--9977aa84-5feb-49e1-ac4e-39fd1a86de00", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.770Z", "modified": "2020-09-30T16:27:44.770Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1QaHlzaWNhbE1lbW9yeUZyZWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NDY3OTcyLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--5bc280aa-6aeb-4060-bd92-c5189f1dc3a1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.788Z", "modified": "2020-09-30T16:27:44.788Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L2RldglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--9f687eb8-31e7-4407-968a-023f8b21e42b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.810Z", "modified": "2020-09-30T16:27:44.810Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L2Jvb3QJVmFsdWU9MTc4MTA2MzY4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--9d199f82-65ab-4e19-b125-21b77e486537", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.829Z", "modified": "2020-09-30T16:27:44.829Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L2Rldi9zaG0JVmFsdWU9MjA0ODAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--a8f287f2-4a81-4ae7-98aa-60a988736b52", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.847Z", "modified": "2020-09-30T16:27:44.847Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L3N5cy9mcy9jZ3JvdXAJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--d6a88d16-d053-4724-a4c4-22899f8522e4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.865Z", "modified": "2020-09-30T16:27:44.865Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L3J1bi91c2VyLzAJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--8cef271f-8614-4c66-9911-46010c4b7154", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.886Z", "modified": "2020-09-30T16:27:44.886Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L3J1bglWYWx1ZT04NTY3NjQ0MTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--84446e7b-515b-44b5-abf9-36918411f1ea", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.904Z", "modified": "2020-09-30T16:27:44.904Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9LwlWYWx1ZT05MDY1NjI2NDE5Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--bdf84fbf-6fea-4402-baa7-aa70c668ed5d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.923Z", "modified": "2020-09-30T16:27:44.923Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTcyLjMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--d223f8a3-fb49-4938-a9b2-a194f24f2b1c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.942Z", "modified": "2020-09-30T16:27:44.942Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkQXZnNQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03LjIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--d61904df-4542-47b9-891a-d334fa072b1a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.960Z", "modified": "2020-09-30T16:27:44.960Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkQXZnMQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yLjEzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--ce80e29a-02a3-40c5-ac39-e87234d1d8ea", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.980Z", "modified": "2020-09-30T16:27:44.980Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--14f7640a-99c8-48a3-a3fd-c6adb48136fd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:44.998Z", "modified": "2020-09-30T16:27:44.998Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMzgxNDcxMzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--99dc8bec-5ddb-4d4c-8501-a0ad140dfb2c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.016Z", "modified": "2020-09-30T16:27:45.016Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODMwOTAwNjMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--aec7173f-2162-47c2-b8b6-a8284b352c6b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.034Z", "modified": "2020-09-30T16:27:45.034Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMDQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--07775389-127d-43a8-86e8-4a79572d3ece", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.052Z", "modified": "2020-09-30T16:27:45.052Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjI0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--437a3eb7-37b3-4cc0-ae02-c86b90ccb8c8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.072Z", "modified": "2020-09-30T16:27:45.072Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzA5MDA1OQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--855d18c2-0555-40d3-84f9-de594e2a781b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.091Z", "modified": "2020-09-30T16:27:45.091Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OaWNlQ3B1CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--a05a3628-d4e2-4e08-88a6-c407df298eca", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.110Z", "modified": "2020-09-30T16:27:45.110Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrVHJhbnNtaXR0ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWxvCVZhbHVlPTQ0NS40Mwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--18154f7f-46cf-4dcf-ab2c-dc6ac59cd9d0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.129Z", "modified": "2020-09-30T16:27:45.129Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDA3MjQ2MjY0NjkyMjUzMDkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--44a88855-48b3-4b62-9e55-1f7c1f410e84", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.149Z", "modified": "2020-09-30T16:27:45.149Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrVHJhbnNtaXR0ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWV0aDAJVmFsdWU9MC4wMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--f7a476e9-d9bd-42ca-81d4-9214eaccf5dd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.167Z", "modified": "2020-09-30T16:27:45.167Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUnBzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhCVZhbHVlPTMuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--4fd29694-c6be-4a07-aca3-d1d70a72f82f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.185Z", "modified": "2020-09-30T16:27:45.185Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrVHJhbnNtaXR0ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWV0aDEJVmFsdWU9MC4zOQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--5ff79d46-384a-4de6-8ac1-3e13f26ab53f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.205Z", "modified": "2020-09-30T16:27:45.205Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUnBzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMglWYWx1ZT0zLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--4e59871f-35d2-492c-b5b3-dd18bba56872", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.223Z", "modified": "2020-09-30T16:27:45.223Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUnBzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMQlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--81873916-73dc-4657-b150-7f7bae45bf3f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.241Z", "modified": "2020-09-30T16:27:45.241Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UY3BDbG9zZVdhaXRDb25uZWN0aW9ucwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PW5ldHN0YXQJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--2119ace9-cf2d-43a7-bf26-de561e2e012d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.262Z", "modified": "2020-09-30T16:27:45.262Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT05ODAyNzc3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--2add0af8-7bf4-498c-8d16-ac4c07ff1479", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.280Z", "modified": "2020-09-30T16:27:45.280Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9kZXYJVmFsdWU9ODMxNjA1OTY0OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--310fd801-1000-4967-b751-d9ada1dede0e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.299Z", "modified": "2020-09-30T16:27:45.299Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc0NvcmVDUFUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--e052e700-845d-4994-bfdb-a6e31850baea", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.318Z", "modified": "2020-09-30T16:27:45.318Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9ydW4vdXNlci8wCVZhbHVlPTE2NjU2MTc5MjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--c3e5b440-3bbb-4ce2-afed-ccab58c31c61", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.338Z", "modified": "2020-09-30T16:27:45.338Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9zeXMvZnMvY2dyb3VwCVZhbHVlPTgzMjgwNzczMTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--905b4318-ae75-411d-8ffd-bb323d1c1e64", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.355Z", "modified": "2020-09-30T16:27:45.355Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9ib290CVZhbHVlPTEwNjMyNTYwNjQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--accad714-c925-49bb-b338-ba239273aec1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.374Z", "modified": "2020-09-30T16:27:45.374Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS8JVmFsdWU9MjU4NjQ1NDI2MTc2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--43b12fbf-6964-48f7-9f4e-f0833aa747d6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.393Z", "modified": "2020-09-30T16:27:45.393Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9kZXYvc2htCVZhbHVlPTgzMjgwNzczMTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--70b30549-99a3-4e98-8dd1-92d96777b66a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.411Z", "modified": "2020-09-30T16:27:45.411Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUXVldWVTaXplCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhCVZhbHVlPTAuMDEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--2ff8b1bb-19ba-4111-b710-cc54826fa0a0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.434Z", "modified": "2020-09-30T16:27:45.434Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9ydW4JVmFsdWU9ODMyODA3NzMxMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--96ded694-5885-45da-b4ef-42cd5154833c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.454Z", "modified": "2020-09-30T16:27:45.454Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUXVldWVTaXplCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--d77d340f-a838-4bf2-b421-2625b005a428", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.473Z", "modified": "2020-09-30T16:27:45.473Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1QaHlzaWNhbE1lbW9yeVVzZWQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MS41Nzk3ODA0RTcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--8348165c-4cb5-4ab8-be68-eb24914d1c61", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.492Z", "modified": "2020-09-30T16:27:45.492Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUXVldWVTaXplCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMQlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--6459eeb4-9384-45b9-aa74-66660b772af9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.509Z", "modified": "2020-09-30T16:27:45.509Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1F2bVdyaXRlSU8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--a17d24b1-6e23-457e-a7bf-713367306ada", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.526Z", "modified": "2020-09-30T16:27:45.526Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXNDcHUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Ni4xOAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--33acd78d-b678-48ac-b047-e4653e6ae4f1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.542Z", "modified": "2020-09-30T16:27:45.542Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1F2bVJlYWRJTwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--6afa8bfc-70cc-417e-bdeb-bfccf431cde4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.559Z", "modified": "2020-09-30T16:27:45.559Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yOQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--f2a1e866-0647-41c5-a098-e7625fd193de", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.574Z", "modified": "2020-09-30T16:27:45.574Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1CdWZmZXJlZE1lbW9yeQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--ac1ca7ca-cc1c-45c0-b4f0-f4c54c7be00f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.592Z", "modified": "2020-09-30T16:27:45.592Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3JpdGVzRGV2aWNlCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhCVZhbHVlPTg0LjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--724a112f-878e-42c8-876f-16099d9b2c6f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.613Z", "modified": "2020-09-30T16:27:45.614Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3JpdGVzRGV2aWNlCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMQlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--8b2827e1-3de7-466a-b2ad-1a6c496c3f56", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.634Z", "modified": "2020-09-30T16:27:45.634Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1FyYWRhcldyaXRlSU8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--7100c833-c971-49d8-9986-76a6006edd90", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.655Z", "modified": "2020-09-30T16:27:45.655Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3JpdGVzRGV2aWNlCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--1bdc8b00-c901-4aaa-94ba-120da691f3da", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.674Z", "modified": "2020-09-30T16:27:45.674Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--5c07da15-79b6-4dad-b5b3-3c70fc357890", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.693Z", "modified": "2020-09-30T16:27:45.693Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VZHBDb25uZWN0aW9ucwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PW5ldHN0YXQJVmFsdWU9NTUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--d386ef9e-dfcd-4014-a9b4-ad266f39298a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.712Z", "modified": "2020-09-30T16:27:45.712Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Vc2VyQ3B1CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTExLjY0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--b5436f80-9457-4212-abb0-48a33ac936a7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.731Z", "modified": "2020-09-30T16:27:45.731Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1FyYWRhckNQVQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--7ab018d7-bda4-42db-9fbb-7c28230abb49", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.750Z", "modified": "2020-09-30T16:27:45.750Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1Td2FwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00MTk5MTY0LjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--e8a02e48-a3ea-4358-8e16-499ceb8d4a5e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.769Z", "modified": "2020-09-30T16:27:45.769Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjQwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--e549a9b8-984f-4a3e-bde4-5196334c5f75", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.790Z", "modified": "2020-09-30T16:27:45.790Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--9e3e79eb-ac3a-4be9-9e5d-65f08ad26d81", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.809Z", "modified": "2020-09-30T16:27:45.809Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrQVRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEJVmFsdWU9MS40Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--f8ee771f-5da2-46ef-babb-d26c0bd2b772", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.828Z", "modified": "2020-09-30T16:27:45.828Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrQVRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGExCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--5ed0b834-b304-460b-a3cf-384f195dc46d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.847Z", "modified": "2020-09-30T16:27:45.847Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrQVRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEyCVZhbHVlPTEuNzIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--31526cbe-815f-4625-bd29-bb74dab803e6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.864Z", "modified": "2020-09-30T16:27:45.864Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEzMzk0MTU1Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--8842abd6-9873-4f38-918f-c0e4b3d9bba3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.880Z", "modified": "2020-09-30T16:27:45.880Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1F2bUNQVQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--4633c29f-aea7-48f1-909f-8748dc9da475", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.897Z", "modified": "2020-09-30T16:27:45.897Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1LZXJuZWxPT01Db3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--e0774afb-9259-424d-9669-086c02fa796a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.912Z", "modified": "2020-09-30T16:27:45.912Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2FnZU1vdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9eGZzCVZhbHVlPTAuMzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--c5174c3b-bdbe-4e43-9d3d-e3dbff3458b0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.928Z", "modified": "2020-09-30T16:27:45.928Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2FnZU1vdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9ZGV2dG1wZnMJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--debd54fc-098e-44df-8f07-f03a7c617351", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.944Z", "modified": "2020-09-30T16:27:45.944Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1SdW5RdWV1ZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--01289101-3f8a-4a30-8515-95e4720dbd6e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.961Z", "modified": "2020-09-30T16:27:45.961Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2FnZU1vdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dG1wZnMJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--f8e05b42-fe0a-48b3-ba79-4068c089ff69", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.976Z", "modified": "2020-09-30T16:27:45.976Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1FyYWRhclJlYWRJTwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--5f882bb3-54d6-48ff-aaa3-c652089834b6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:45.992Z", "modified": "2020-09-30T16:27:45.992Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1DYWNoZWRNZW1vcnlVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQwMzgxOTYuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--08cb970d-f31f-4ea0-b8b5-879529d0a6a5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.007Z", "modified": "2020-09-30T16:27:46.007Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OdW1DcHUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9OC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--b14cdb4b-1561-4fe0-b98b-540823e5576f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.023Z", "modified": "2020-09-30T16:27:46.023Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVhZHNEZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEyCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--8c6b8d05-a6fc-454b-ae13-8e15a7d7d7fd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.038Z", "modified": "2020-09-30T16:27:46.038Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVhZHNEZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGExCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--eafc44db-baa9-4a10-b5aa-20a832309d13", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.054Z", "modified": "2020-09-30T16:27:46.054Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVhZHNEZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEJVmFsdWU9MjguOAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--6b2be781-3ea4-493f-82c5-b50a820005a1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.069Z", "modified": "2020-09-30T16:27:46.069Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVxdWVzdFNpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEJVmFsdWU9MTYuNzEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--c2d7579d-4d9a-4127-9100-ee54040a11e4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.084Z", "modified": "2020-09-30T16:27:46.084Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVxdWVzdFNpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEyCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--3f279766-5535-4cfd-9872-fa853121d9ba", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.101Z", "modified": "2020-09-30T16:27:46.101Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVxdWVzdFNpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGExCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--df0cf090-eb1f-4255-a624-36c4b3fe1f93", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.148Z", "modified": "2020-09-30T16:27:46.148Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MaXN0ZW5Db25uZWN0aW9ucwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PW5ldHN0YXQJVmFsdWU9NTkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--b90f2706-7ecf-48a7-b739-4a706f6b8272", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.169Z", "modified": "2020-09-30T16:27:46.169Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--2a7abbe9-96b0-41c3-b9f9-cdd3a340e6c5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.187Z", "modified": "2020-09-30T16:27:46.187Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEzMzk0MTU1Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--65984d8d-899c-4da6-8658-2c7e52466ebd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.205Z", "modified": "2020-09-30T16:27:46.205Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1Td2FwVXRpbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMi40Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--f8a3373b-790e-42e1-a49f-278146a3a6d2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.222Z", "modified": "2020-09-30T16:27:46.222Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3BzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhCVZhbHVlPTMuOAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--4d04ac11-3860-4f7a-a908-feedc370d268", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.238Z", "modified": "2020-09-30T16:27:46.238Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UQ1BFc3RhYmxpc2hlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PW5ldHN0YXQJVmFsdWU9NjQzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--e59da065-bcda-480d-92dd-e83d43fa6a76", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.254Z", "modified": "2020-09-30T16:27:46.254Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3BzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMQlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--79c768fd-f84b-4839-ae81-f91b04d1e2db", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.269Z", "modified": "2020-09-30T16:27:46.269Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3BzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMglWYWx1ZT0yLjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--6e65df68-3124-4040-a704-6d62e2910309", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.286Z", "modified": "2020-09-30T16:27:46.286Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1DUFUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Ni4xOAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--fc400dba-346b-41a6-aea2-7528d020e5f7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.301Z", "modified": "2020-09-30T16:27:46.301Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--6f97f8bd-9995-4b00-b8ba-8478c74dc5e6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.317Z", "modified": "2020-09-30T16:27:46.317Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UY3BUaW1lV2FpdENvbm5lY3Rpb25zCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9bmV0c3RhdAlWYWx1ZT0xNzMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--650e686c-ac4e-4ea7-827d-7041f7e09652", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.332Z", "modified": "2020-09-30T16:27:46.332Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwODE5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--529dc532-225b-4269-862e-b559abc1dea8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.348Z", "modified": "2020-09-30T16:27:46.348Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--2fe92aa5-0572-414b-a31f-39056d7b2440", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.365Z", "modified": "2020-09-30T16:27:46.365Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTEwNDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--afeb4f0a-495e-49cc-95e5-9e62ae855c09", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.384Z", "modified": "2020-09-30T16:27:46.384Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yMDcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--4ab05f2c-afc2-4852-9bb1-e713a9d386c0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.403Z", "modified": "2020-09-30T16:27:46.403Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc0NvcmVXcml0ZUlPCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--efe791af-afc8-48ba-821c-4bab5a8fedfa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.421Z", "modified": "2020-09-30T16:27:46.421Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrUmVjZWl2ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWV0aDEJVmFsdWU9NS41Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--bb0ab471-73f9-4746-8d1c-604e8d3736cb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.445Z", "modified": "2020-09-30T16:27:46.445Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrUmVjZWl2ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWV0aDAJVmFsdWU9MTIuNzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--74c47006-ac0e-4a34-890d-e024c3985566", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.467Z", "modified": "2020-09-30T16:27:46.467Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yOTczMzgwMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--ed45d9a4-aecf-4ccd-b89a-327a8f0ccc65", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.487Z", "modified": "2020-09-30T16:27:46.487Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrUmVjZWl2ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWxvCVZhbHVlPTQ0NS40Mwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--550690ad-f365-45c6-b665-ff3ad366aeb3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.507Z", "modified": "2020-09-30T16:27:46.507Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMDUxMzgyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--4e951cd9-d27a-48a0-95d2-40694b0e8104", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.526Z", "modified": "2020-09-30T16:27:46.526Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1JZGxlQ3B1CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgxLjc2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--798d42b2-3705-48f0-a7f3-e08ca3814346", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.546Z", "modified": "2020-09-30T16:27:46.546Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc0NvcmVSZWFkSU8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--7ccfbb41-c08e-4380-bd4a-4be837f8fd6c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.565Z", "modified": "2020-09-30T16:27:46.565Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zMDM2NjkyNDgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--f0480df6-ee3f-453e-84a8-6d96be95d02f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.584Z", "modified": "2020-09-30T16:27:46.584Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--43676e65-4e05-4cda-af02-6afda70668a0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.605Z", "modified": "2020-09-30T16:27:46.605Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--7d8b3bdb-0bb0-44ff-8db5-7fc264d02509", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.624Z", "modified": "2020-09-30T16:27:46.624Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzA1MDY4OQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--8aecdcb0-78ff-43b6-ab5d-96a98f3d2deb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.645Z", "modified": "2020-09-30T16:27:46.645Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QcmVwcm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9Q3B1VXRpbAlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--9cd58be3-e04b-446a-b72e-5cd4a4887f8c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.662Z", "modified": "2020-09-30T16:27:46.662Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9OTQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--4a4dc0aa-27a4-4911-9926-dfb97b4da741", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.679Z", "modified": "2020-09-30T16:27:46.679Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QcmVwcm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9UnVubmFibGVSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--e59b7f61-b19d-4939-9cfb-b31410cdc2cd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.695Z", "modified": "2020-09-30T16:27:46.695Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QcmVwcm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9TmV3UmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--6ea2f116-d72a-4aa9-a04e-65bd19ea6cc8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.711Z", "modified": "2020-09-30T16:27:46.711Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--18ea9e53-24ca-4db7-be10-2aee96c2d487", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.727Z", "modified": "2020-09-30T16:27:46.727Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QcmVwcm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGltZWRXYWl0UmF0aW8JVmFsdWU9MTAwLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--8ba39c97-fd11-4e98-8f16-6e9891243fdd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.742Z", "modified": "2020-09-30T16:27:46.742Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QcmVwcm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGVybWluYXRpbmdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--2ce6597a-1791-4c0a-ab3b-cc2d99b32924", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.758Z", "modified": "2020-09-30T16:27:46.758Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QcmVwcm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9V2FpdGluZ1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--7e19a0e1-e19a-4b76-b0f6-f0b0e46d2e3c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.773Z", "modified": "2020-09-30T16:27:46.773Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QcmVwcm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9QmxvY2tlZFJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--d18d0ddd-b66d-4f3d-96ce-550d9225c961", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.788Z", "modified": "2020-09-30T16:27:46.788Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE3OTg1MDUzMQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--50f0c032-5ed8-4838-a280-34655bed8885", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.805Z", "modified": "2020-09-30T16:27:46.805Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM3NTc2ODg4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--61ae1a7b-701e-4ea0-8804-fe21d21b504f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.821Z", "modified": "2020-09-30T16:27:46.821Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--a25d0ce2-9aa4-4485-8fd4-27d53427076a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.837Z", "modified": "2020-09-30T16:27:46.837Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDA4NjA4NTE5NTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--1a558c3f-0947-4f0c-8c4e-b3042a3f7c5a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.852Z", "modified": "2020-09-30T16:27:46.852Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMDg2MDg1MDcxMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--56d8691a-ad56-4ec3-b875-63323b0df6e3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.867Z", "modified": "2020-09-30T16:27:46.867Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--21d27db7-d27e-4f1e-bd83-3795b38449c2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.883Z", "modified": "2020-09-30T16:27:46.883Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNTU0MDIwNjQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--85c3eefe-332f-4567-9d1f-b6669711f8f2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.899Z", "modified": "2020-09-30T16:27:46.899Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNzM4NjAwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--3a02528d-ce91-42ae-bd52-8266aa2d763b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.914Z", "modified": "2020-09-30T16:27:46.914Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--b019e7ef-c847-4c98-8400-e37c744790b3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.929Z", "modified": "2020-09-30T16:27:46.929Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02NQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--5c5304e8-cbf2-4689-b547-fc7e1e64238a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.944Z", "modified": "2020-09-30T16:27:46.944Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9OTcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--e91763cd-49ae-4b7a-b1ad-674352a650ea", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.961Z", "modified": "2020-09-30T16:27:46.961Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQuMzk4ODc5NDA3Nzg0MTY4NEUtNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--3d3313e8-2c8b-4a0f-91f9-24cce50b8e8f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.977Z", "modified": "2020-09-30T16:27:46.977Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNTk5ODAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--4f8e062b-65af-405b-b28f-f482ef3dc6ee", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:46.992Z", "modified": "2020-09-30T16:27:46.992Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--fde9881a-91ff-4563-be8a-7063a93dff17", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.007Z", "modified": "2020-09-30T16:27:47.007Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM3NTc2ODg4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--d8b6f820-7f29-4d0e-8b43-588515330823", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.022Z", "modified": "2020-09-30T16:27:47.022Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--4cb7b42c-ef60-4a52-984e-5e6193d0d88d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.037Z", "modified": "2020-09-30T16:27:47.037Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE3OTg1MDUzMQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--347a0aed-b346-48e0-99d4-b572a5d1ae87", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.053Z", "modified": "2020-09-30T16:27:47.053Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--7ffc3e28-69ae-45a8-977f-10ce0f32d141", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.068Z", "modified": "2020-09-30T16:27:47.068Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTkzNTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--973f142a-f225-49cd-a2d4-39622ec94140", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.083Z", "modified": "2020-09-30T16:27:47.083Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT05MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--4e6d0cc1-d973-49f4-8606-277ee56025f1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.100Z", "modified": "2020-09-30T16:27:47.100Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgzMDUwNTg0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--6ef96f96-2da5-48b6-b6a0-7ae5de22373a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.116Z", "modified": "2020-09-30T16:27:47.116Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9OTQ0OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--2c3d3cfb-547e-4140-845f-6071e54742ed", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.132Z", "modified": "2020-09-30T16:27:47.132Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dyZWdhdGlvblRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1DcHVVdGlsCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--12ed1426-0a8e-4b72-9de7-0a4f63b349ee", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.148Z", "modified": "2020-09-30T16:27:47.148Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dyZWdhdGlvblRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1SdW5uYWJsZVJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--4fbb4a50-48d8-4d76-9c1d-df48f0ceb1ea", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.164Z", "modified": "2020-09-30T16:27:47.164Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dyZWdhdGlvblRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1OZXdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--01c88dbe-beff-485b-b2b2-7d98aef9d4df", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.179Z", "modified": "2020-09-30T16:27:47.179Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dyZWdhdGlvblRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1UZXJtaW5hdGluZ1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--6999a046-b1c6-4d7b-8e6a-cc2700b0fcdd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.196Z", "modified": "2020-09-30T16:27:47.196Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dyZWdhdGlvblRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1XYWl0aW5nUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--eb2d54ed-b975-4530-b17d-2fffcab74a7d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.213Z", "modified": "2020-09-30T16:27:47.213Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dyZWdhdGlvblRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1CbG9ja2VkUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--ea9b90ef-2279-46b2-89f5-e3349fbbbee6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.230Z", "modified": "2020-09-30T16:27:47.230Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dyZWdhdGlvblRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1UaW1lZFdhaXRSYXRpbwlWYWx1ZT0xMDAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--9431813c-0225-4af1-a531-73431b1d810b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.248Z", "modified": "2020-09-30T16:27:47.248Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTQzNTg1MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--cbab57c6-e42f-4ff7-aa2d-d7050d8f656a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.265Z", "modified": "2020-09-30T16:27:47.265Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00MTcwODc0ODgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--b95227fe-59c7-42d2-9b56-0b6875bca287", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.282Z", "modified": "2020-09-30T16:27:47.282Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--93c0e55e-654c-4996-9192-28c421224b53", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.298Z", "modified": "2020-09-30T16:27:47.298Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--e971a68b-ebf5-42e1-94f0-14b4a82efc46", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.315Z", "modified": "2020-09-30T16:27:47.315Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--461adbf5-c4fd-4e25-98d4-f926108b2b17", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.331Z", "modified": "2020-09-30T16:27:47.331Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjA2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--76c0ebb5-bc73-46e8-94b0-0a6e815484e1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.347Z", "modified": "2020-09-30T16:27:47.347Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1GbG93R292ZXJuZXJRdWV1ZVNwaWxsRmlsZXNDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--808cfc94-7314-4102-b714-b31716117acd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.365Z", "modified": "2020-09-30T16:27:47.365Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFBhcnNlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1DcHVVdGlsCVZhbHVlPTAuNDUwNTU4MTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.494Z", "last_observed": "2020-09-30T16:25:00.494Z", "number_observed": 1 }, { "id": "observed-data--c0014e07-bd89-4fce-9c75-2d5ed9953024", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.385Z", "modified": "2020-09-30T16:27:47.385Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFBhcnNlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1SdW5uYWJsZVJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--ffedb26d-2cce-49d4-9c7c-de4396368957", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.408Z", "modified": "2020-09-30T16:27:47.408Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFBhcnNlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1OZXdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--8d207acc-fa4f-41bb-898a-2e42c314bfed", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.431Z", "modified": "2020-09-30T16:27:47.431Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFBhcnNlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1UaW1lZFdhaXRSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--bbc0a6d9-bcda-4d2e-a81c-7c706af3c5bf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.453Z", "modified": "2020-09-30T16:27:47.453Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFBhcnNlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1XYWl0aW5nUmF0aW8JVmFsdWU9MTAwLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--8e7887a6-2915-4ba1-93b3-2ddcd39b16eb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.474Z", "modified": "2020-09-30T16:27:47.474Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFBhcnNlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1UZXJtaW5hdGluZ1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--6079b2f2-b323-4c8e-af80-668d9f916cdd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.493Z", "modified": "2020-09-30T16:27:47.493Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFBhcnNlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1CbG9ja2VkUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--21823ab4-18a6-4bf1-ad11-8d10c2a31fcd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.510Z", "modified": "2020-09-30T16:27:47.510Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQwNjM5NzE4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--49d3dd57-dd1a-4181-b382-83d2aede61f9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.526Z", "modified": "2020-09-30T16:27:47.526Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--2448f677-1d5c-4a24-b42a-b4fd75bff9b1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.541Z", "modified": "2020-09-30T16:27:47.541Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FQ1RDUFRPRVBNYXhGaWxlQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTIzNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--fef2e88c-1a6e-437c-8633-c365323d602c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.557Z", "modified": "2020-09-30T16:27:47.557Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db21wcmVzc2VkRXZlbnRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03MzQwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--0a238ea8-8e74-4d0c-bc22-b6cb196cd060", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.572Z", "modified": "2020-09-30T16:27:47.572Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODMwNTAyNzAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--b5472b10-b995-4b75-9ef7-53234758a80d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.589Z", "modified": "2020-09-30T16:27:47.589Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01NzAyMzk0ODAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--ed5fed27-581e-4149-a7ca-4b795d087b07", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.604Z", "modified": "2020-09-30T16:27:47.604Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1GbG93UmF0ZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02LjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--27e6ed2e-1e01-4f26-a1b1-de51d2f2ec2c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.619Z", "modified": "2020-09-30T16:27:47.619Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzA1MDI1Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--1e4f5f04-0fb6-4dc7-92ee-e001810c559e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.634Z", "modified": "2020-09-30T16:27:47.634Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--c95390c9-6593-4ce7-8cd4-34138d48b799", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.650Z", "modified": "2020-09-30T16:27:47.650Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT05OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--bf067e1e-7f02-42f5-8e9e-41f399c9a781", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.666Z", "modified": "2020-09-30T16:27:47.666Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNjgyODUwMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--00536fc5-d34c-4820-948f-f39d01eeb8a2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.681Z", "modified": "2020-09-30T16:27:47.681Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--1784fead-d747-4e1b-9160-37e90afc3e07", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.696Z", "modified": "2020-09-30T16:27:47.696Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTIwOTcyMzM5Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--cecb74a7-88f3-43e6-b6da-568ea32c07b2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.712Z", "modified": "2020-09-30T16:27:47.712Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDA2Njg2MjMzNjE2MDE3NTcxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--33608c34-d16a-45d7-a126-1d3cb4012d6d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.727Z", "modified": "2020-09-30T16:27:47.727Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FQ1RDUFRPRVBEaXNrU2l6ZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--6758bc6a-22a3-45e6-8c5e-21f83da9c102", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.745Z", "modified": "2020-09-30T16:27:47.745Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--9af40e40-1256-4851-af0f-a637d1685f53", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.762Z", "modified": "2020-09-30T16:27:47.762Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yMDQ5OTk3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--531e6609-ca77-42ec-8572-d35b8378947e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.778Z", "modified": "2020-09-30T16:27:47.778Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTIwOTcyMzM5Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--77d80453-9655-40a4-b352-69420e7e176f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.794Z", "modified": "2020-09-30T16:27:47.794Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFJhdGUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTMwLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--d537cd09-160e-4380-97a0-765f18704c4d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.811Z", "modified": "2020-09-30T16:27:47.811Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQwNjM5NzE4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--91c72744-4a45-49df-9172-f8768abe3e94", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.827Z", "modified": "2020-09-30T16:27:47.827Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1GbG93R292ZXJuZXJRdWV1ZU1heEZpbGVDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--91363053-3aeb-4df6-9bc2-dd2358e6e79a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.843Z", "modified": "2020-09-30T16:27:47.843Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--f30a3383-a2e3-483a-8e87-501b37656bcc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.858Z", "modified": "2020-09-30T16:27:47.858Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--f54c81e5-312a-4441-86e2-ad6a5323ae50", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.873Z", "modified": "2020-09-30T16:27:47.873Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTIzNTQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--8f4e537c-d349-4f92-a988-befc561970f6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.889Z", "modified": "2020-09-30T16:27:47.889Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1GbG93R292ZXJuZXJRdWV1ZURpc2tTaXplCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--26a7a2d2-bc23-4229-bb28-b83d236558ed", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.906Z", "modified": "2020-09-30T16:27:47.906Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEyMjk4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--55115ee7-49a9-41c2-93b0-b6a2333941f9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.923Z", "modified": "2020-09-30T16:27:47.923Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxNDM1NjQ0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--fe732d99-d183-4c79-aae8-b1b7d19f8d3e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.939Z", "modified": "2020-09-30T16:27:47.939Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FQ1RDUFRPRVBTcGlsbEZpbGVzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--5d64c4c1-145b-41ab-bb1b-a6949e482430", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.955Z", "modified": "2020-09-30T16:27:47.955Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yMDIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--fbe6c3cd-dfe4-4dde-a3f2-84ca13f9be57", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.971Z", "modified": "2020-09-30T16:27:47.971Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aGlzdG9yaWNhbF9jb3JyZWxhdGlvbl9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxNDcwNTU0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--168fb9bc-e49d-47c1-899b-7e47f3e7a8bc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:47.986Z", "modified": "2020-09-30T16:27:47.986Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNDEzODQ5MDg4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--da1b94b0-2c97-47b2-863a-4f2e42d4ab20", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.002Z", "modified": "2020-09-30T16:27:48.002Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhpc3RvcmljYWxfY29ycmVsYXRpb25fc2VydmVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--2d15191c-276f-483b-9bc5-1d75b24b5cbf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.020Z", "modified": "2020-09-30T16:27:48.020Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--9b6ec6d2-ef66-4e45-94a0-7292aac05528", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.039Z", "modified": "2020-09-30T16:27:48.039Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aGlzdG9yaWNhbF9jb3JyZWxhdGlvbl9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--fc95d486-63ac-4794-b069-ee688a88e663", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.062Z", "modified": "2020-09-30T16:27:48.062Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhpc3RvcmljYWxfY29ycmVsYXRpb25fc2VydmVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--a40bd4a5-2c28-45c9-9206-b176f75a8b52", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.081Z", "modified": "2020-09-30T16:27:48.081Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aGlzdG9yaWNhbF9jb3JyZWxhdGlvbl9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01NQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--329db428-4888-418e-a545-5b22760a8e21", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.100Z", "modified": "2020-09-30T16:27:48.100Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhpc3RvcmljYWxfY29ycmVsYXRpb25fc2VydmVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTMxMDAyOQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--82fb4c88-a0e4-45b3-8c38-341cfbc4abf5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.120Z", "modified": "2020-09-30T16:27:48.120Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhpc3RvcmljYWxfY29ycmVsYXRpb25fc2VydmVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--cc4591c4-66f6-447f-833b-3e366ef4c4f3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.140Z", "modified": "2020-09-30T16:27:48.140Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhpc3RvcmljYWxfY29ycmVsYXRpb25fc2VydmVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODM3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--0be274b4-9c10-4d65-bff3-856454b36d6c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.159Z", "modified": "2020-09-30T16:27:48.159Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTI1MDgwMTQ0OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--609d35f6-fcd0-422e-8031-c777185b2f47", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.177Z", "modified": "2020-09-30T16:27:48.177Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aGlzdG9yaWNhbF9jb3JyZWxhdGlvbl9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMzEwMDExCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--3d6e5bab-0021-40fa-80a9-323c25ccb362", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.198Z", "modified": "2020-09-30T16:27:48.198Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--f6a16930-656d-4b7e-a511-879dded2c91d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.216Z", "modified": "2020-09-30T16:27:48.216Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--eb47afd5-4d38-4757-a161-6b73444a3a36", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.235Z", "modified": "2020-09-30T16:27:48.235Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aGlzdG9yaWNhbF9jb3JyZWxhdGlvbl9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--bd499d98-ff5e-46c2-8b93-5adba5cc5e82", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.256Z", "modified": "2020-09-30T16:27:48.256Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTExOTk2MDAwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--5443d0ce-a17a-4165-9e4c-99523d8bcfe2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.275Z", "modified": "2020-09-30T16:27:48.275Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--fe516b50-3cbe-4aa2-b4d2-f9af052f0944", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.294Z", "modified": "2020-09-30T16:27:48.294Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhpc3RvcmljYWxfY29ycmVsYXRpb25fc2VydmVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9My4wMDA3NTg5NTI5Nzk2MDczRS00Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--7cf20aa1-ddf2-4ff7-a312-f2ed42af21c7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.314Z", "modified": "2020-09-30T16:27:48.314Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhpc3RvcmljYWxfY29ycmVsYXRpb25fc2VydmVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODM3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--0b706a9e-ea51-4765-9cef-9c5a74c0e9c0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.333Z", "modified": "2020-09-30T16:27:48.333Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM0MjU2Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--28f9ca35-a825-4e73-a167-7c0f66f428d2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.351Z", "modified": "2020-09-30T16:27:48.351Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--ff0aad63-f921-4326-9076-0595c8e2b8e3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.370Z", "modified": "2020-09-30T16:27:48.370Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhpc3RvcmljYWxfY29ycmVsYXRpb25fc2VydmVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--61346e58-3ea2-4980-b801-d53a741e5135", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.390Z", "modified": "2020-09-30T16:27:48.390Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhpc3RvcmljYWxfY29ycmVsYXRpb25fc2VydmVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NzE1Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--a41fafbc-1c01-4d1f-9fd9-e6deba911225", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.408Z", "modified": "2020-09-30T16:27:48.408Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aGlzdG9yaWNhbF9jb3JyZWxhdGlvbl9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03MTkzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--7c16c61f-81c1-4da9-bfc9-98c507adcbee", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.427Z", "modified": "2020-09-30T16:27:48.427Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODE0NzAzNDEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--b8104717-4ab8-4b20-bffb-d14c7ab8a7ac", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.448Z", "modified": "2020-09-30T16:27:48.448Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aGlzdG9yaWNhbF9jb3JyZWxhdGlvbl9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--eeed1257-2828-4db2-a0c7-61af565df84d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.467Z", "modified": "2020-09-30T16:27:48.467Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--ce492704-a6ff-4453-aedf-09a275c5704a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.486Z", "modified": "2020-09-30T16:27:48.486Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTMyNDYzNjY3Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--229f8d64-fc33-4d89-85b2-6690f49f5de1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.504Z", "modified": "2020-09-30T16:27:48.504Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db25zb2xlRXZlbnRGVFNMYXN0SW5kZXhUaW1lCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--facf60cc-9240-45bd-bffa-0d4b998ec5f4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.524Z", "modified": "2020-09-30T16:27:48.524Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Xb3JrZXJUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PUNwdVV0aWwJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--9c2f1c14-279e-431c-a29b-4546dfd9554b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.542Z", "modified": "2020-09-30T16:27:48.542Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Xb3JrZXJUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVJ1bm5hYmxlUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--2698b9c6-1392-4983-96b2-43e5f80c120a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.560Z", "modified": "2020-09-30T16:27:48.560Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db25zb2xlRmxvd0ZUU0xhc3RJbmRleFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJpZWxfcHJveHlfc2VydmVyCUNvbXBvbmVudE5hbWU9YXJpZWxfcHJveHkJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--48b3e422-8915-4a05-ba40-a6656e3d37ba", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.577Z", "modified": "2020-09-30T16:27:48.577Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Xb3JrZXJUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PU5ld1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--0595ae4d-e0ea-474a-8570-7da050281f44", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.595Z", "modified": "2020-09-30T16:27:48.595Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Xb3JrZXJUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVRpbWVkV2FpdFJhdGlvCVZhbHVlPTMzLjMzMzMzMzMzMzMzMzMzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--04a3c26a-7e3e-47c4-8c35-ff512426abb9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.615Z", "modified": "2020-09-30T16:27:48.615Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Xb3JrZXJUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVdhaXRpbmdSYXRpbwlWYWx1ZT02Ni42NjY2NjY2NjY2NjY2Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--15f5aece-d510-4037-beb6-72ac7e5431a0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.633Z", "modified": "2020-09-30T16:27:48.633Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Xb3JrZXJUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVRlcm1pbmF0aW5nUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--fa031e11-b335-44a2-a59f-f21630de851f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.650Z", "modified": "2020-09-30T16:27:48.650Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1SdW5uaW5nU29ydHMJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJpZWxfcHJveHlfc2VydmVyCUNvbXBvbmVudE5hbWU9YXJpZWxfcHJveHkJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--1b97f22b-04dc-4daa-a5b5-0cb82f58f6d4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.667Z", "modified": "2020-09-30T16:27:48.667Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Xb3JrZXJUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PUJsb2NrZWRSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--5d19d0d3-3823-4450-a89c-d2573b9e56e2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.683Z", "modified": "2020-09-30T16:27:48.683Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--d5fe1a9d-ff2e-44bd-bc8b-1b692ca78a4b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.701Z", "modified": "2020-09-30T16:27:48.701Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTUyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--e7d80e1b-0452-401f-bab4-189b3d369576", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.718Z", "modified": "2020-09-30T16:27:48.718Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJpZWxfcHJveHlfc2VydmVyCUNvbXBvbmVudE5hbWU9YXJpZWxfcHJveHkJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODEyNjg0OTkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--284e94eb-fcbf-4bfa-9219-56363b45cd51", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.734Z", "modified": "2020-09-30T16:27:48.734Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJpZWxfcHJveHlfc2VydmVyCUNvbXBvbmVudE5hbWU9YXJpZWxfcHJveHkJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--b3b2d4ad-3e0b-4ac1-93a9-92cc40a44ccd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.749Z", "modified": "2020-09-30T16:27:48.749Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJpZWxfcHJveHlfc2VydmVyCUNvbXBvbmVudE5hbWU9YXJpZWxfcHJveHkJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--48176ba5-69dd-4af3-a7ae-fd3ec465b272", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.766Z", "modified": "2020-09-30T16:27:48.766Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--a9077509-ba30-4459-bc5d-3c87c7dd431a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.781Z", "modified": "2020-09-30T16:27:48.781Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNzQ0MDc4ODkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--9ca2b95d-7970-462d-944e-7bd2b3f2baaf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.797Z", "modified": "2020-09-30T16:27:48.797Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dPdXRUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PUNwdVV0aWwJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--fa44d1be-3167-4170-82f9-1f0ba2752cee", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.813Z", "modified": "2020-09-30T16:27:48.813Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1PcGVuQ3Vyc29ycwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjI3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--ece0551c-ef5a-408a-951c-9fdb2f2bad7e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.829Z", "modified": "2020-09-30T16:27:48.829Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dPdXRUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVJ1bm5hYmxlUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--6ce2b4b9-d353-41e0-af3e-ac002cd9a72d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.844Z", "modified": "2020-09-30T16:27:48.844Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dPdXRUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PU5ld1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--5fc9a596-44f3-49dc-ac98-8ef7d0aae41e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.860Z", "modified": "2020-09-30T16:27:48.860Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dPdXRUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVRpbWVkV2FpdFJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--470737ae-6d58-4682-8e3a-469f5408cc35", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.875Z", "modified": "2020-09-30T16:27:48.875Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dPdXRUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PUJsb2NrZWRSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--a78f9ecc-e759-42a9-8b6f-1230fe2becfd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.891Z", "modified": "2020-09-30T16:27:48.891Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNzk4NTA1MzEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--4e1a17f9-b83c-4bf5-922b-3dabe549b69a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.907Z", "modified": "2020-09-30T16:27:48.907Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dPdXRUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVRlcm1pbmF0aW5nUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--a97af33f-95b2-4f65-9b21-e598c56ad045", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.927Z", "modified": "2020-09-30T16:27:48.927Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dPdXRUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVdhaXRpbmdSYXRpbwlWYWx1ZT0xMDAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.495Z", "last_observed": "2020-09-30T16:25:00.495Z", "number_observed": 1 }, { "id": "observed-data--f01f06d0-271a-4764-a358-90c2e0006cbf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.945Z", "modified": "2020-09-30T16:27:48.945Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjQ0NTQwMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--a3aa46e5-ec1a-458b-9035-915aa4a2c1a1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.964Z", "modified": "2020-09-30T16:27:48.964Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTM5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--36907b68-5530-4ea8-ac35-ea79e655b5ff", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:48.983Z", "modified": "2020-09-30T16:27:48.983Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Mzk3NzYzODI0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--b704512f-ebe9-4479-b418-7f17077d039f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.002Z", "modified": "2020-09-30T16:27:49.002Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyODY1MDk2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--9a263476-e6d0-407e-85f5-1cacfa8eb191", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.019Z", "modified": "2020-09-30T16:27:49.019Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJpZWxfcHJveHlfc2VydmVyCUNvbXBvbmVudE5hbWU9YXJpZWxfcHJveHkJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQ1MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--52a53d2f-3f99-478a-9f26-df53f207851b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.038Z", "modified": "2020-09-30T16:27:49.038Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJpZWxfcHJveHlfc2VydmVyCUNvbXBvbmVudE5hbWU9YXJpZWxfcHJveHkJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODI4NjUwNTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--8fed18a4-a802-408d-af34-81f83b4e819b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.057Z", "modified": "2020-09-30T16:27:49.057Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02LjA5ODYzOTM0OTE3NTc0M0UtNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--b7116cf2-9255-4bac-9bde-cf9275c76b81", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.075Z", "modified": "2020-09-30T16:27:49.075Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJpZWxfcHJveHlfc2VydmVyCUNvbXBvbmVudE5hbWU9YXJpZWxfcHJveHkJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--a328f7fd-77a3-4fdb-b632-05fa210b4013", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.094Z", "modified": "2020-09-30T16:27:49.094Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--b4899098-c2b9-4c0b-8224-23a612a35d66", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.116Z", "modified": "2020-09-30T16:27:49.116Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNzQ0MDc4ODkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--dba17668-f2f1-41c0-a076-e211b46a6c23", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.135Z", "modified": "2020-09-30T16:27:49.135Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--0eab152e-1304-43f2-9915-a32167846425", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.154Z", "modified": "2020-09-30T16:27:49.154Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNzk4NTA1MzEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--53079c42-19eb-4b08-9a65-ae4474af0914", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.173Z", "modified": "2020-09-30T16:27:49.173Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTEyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--f873b23c-a569-4869-9e3a-71cfa20cf6e7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.192Z", "modified": "2020-09-30T16:27:49.192Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMTc5OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--0dc207f9-98e9-487e-a1f3-baea1328755b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.211Z", "modified": "2020-09-30T16:27:49.211Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Mzc1MzIwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--ca002bf8-05e8-4685-a7b6-aa221e4b543a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.230Z", "modified": "2020-09-30T16:27:49.230Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJpZWxfcHJveHlfc2VydmVyCUNvbXBvbmVudE5hbWU9YXJpZWxfcHJveHkJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEyMjQ4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--33c61d10-1dd8-4eef-bd12-2cc7eb8139f5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.249Z", "modified": "2020-09-30T16:27:49.249Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1SdW5uaW5nUXVlcmllcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--9e49df3a-917b-4a9f-8f9c-f6c312be8eae", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.268Z", "modified": "2020-09-30T16:27:49.268Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTEwNjU0MjU5Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--de682283-db87-4b1e-8102-408273248691", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.288Z", "modified": "2020-09-30T16:27:49.288Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTI2ODM4Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--8dcc7e49-c20e-402d-9a9e-06b8fb9a9ce4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.308Z", "modified": "2020-09-30T16:27:49.308Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTU2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--484e5818-1072-4a77-be1d-ff7ec0d44b8f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.327Z", "modified": "2020-09-30T16:27:49.327Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:00.648Z", "last_observed": "2020-09-30T16:25:00.648Z", "number_observed": 1 }, { "id": "observed-data--9955e544-24f1-4a82-b6dd-4ba541ba35df", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.346Z", "modified": "2020-09-30T16:27:49.346Z", "objects": { "0": { "type": "ipv4-addr", "value": "192.168.11.66", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "TEVFRjoxLjB8Qml0OXxQYXJpdHl8MTkyLjE2OC4wLjF8TmV3X2ZpbGVfb25fbmV0d29ya3xjYXQ9RGlzY292ZXJ5CXNldj00CWRldlRpbWU9SnVuIDE0IDIwMTAgMTA6MjU6MzUuMDAwIFVUQwltc2c9U2VydmVyIGRpc2NvdmVyZWQgbmV3IGZpbGUgJ2M6XFByb2dyYW0gRmlsZXNcUVJhZGFyXGZpbGUxLmV4dCcgCWV4dGVybmFsSWQ9MTIJc3JjPTE5Mi4xNjguMTEuNjYJc3JjSG9zdE5hbWU9Q0xJTwlzcmNQcm9jZXNzPWM6XFByb2dyYW0gRmlsZXNcUVJhZGFyX3YxXEFkbWluaXN0cmF0b3IJZmlsZVBhdGg9YzpcUHJvZ3JhbSBGaWxlc1xRUmFkYXJcZmlsZTEuZXh0CWZpbGVOYW1lPXVhdF9maWxlLmV4ZQlmaWxlSGFzaD1iMGFiNzA3NmIwZmU0Yjc1OGQ4ZTY2MjI2MDVkOTQyMDRjYzFiNTViYWY3MTgxMjljYWZlNzUwZDgzNWZmYjIxCWZpbGVJZD00Mglwb2xpY3k9RGVmYXVsdCBQb2xpY3kJZHN0SG9zdD1tZWdhbmUK" }, "6": { "type": "file", "name": "uat_file.exe", "hashes": { "SHA-256": "b0ab7076b0fe4b758d8e6622605d94204cc1b55baf718129cafe750d835ffb21" } }, "7": { "type": "directory", "path": "c:\\Program Files\\QRadar" } }, "x_ibm_ariel": { "event_name": "New File On Network", "qid": 59500044, "category_name": "Alert", "category_id": 8060, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 73, "device_type": 230, "log_source_type_name": "Bit9 Security Platform", "log_source_name": "Bit9 Security Platform @ 127.0.0.1", "direction": "L2R", "identity_ip": "0.0.0.0", "magnitude": 5, "severity": 4, "credibility": 5, "relevance": 6, "geographic": "other", "cre_event_list": [ "100090", "100205", "100211", "100555", "100249", "100246", "100200" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks", "Context is Local to Remote" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:24:50.777Z", "last_observed": "2020-09-30T16:25:50.777Z", "number_observed": 1 }, { "id": "observed-data--aafbbf8c-c3a0-4aad-9903-6aca2a18adbf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.374Z", "modified": "2020-09-30T16:27:49.374Z", "objects": { "0": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAxIDEyNy4wLjAuMSBbZGldIFtJTkZPXSBbTk9UOjAxOTAwMTYxMDBdWzkuMjguMjM0LjE2OS8tIF1bLS8tIC1dIExFRUY6MS4wfFFSYWRhcnxEZWZlY3QgSW5zcGVjdG9yfDcuMy4yfGFwYXI9SU5JVElBTC1SVU58bWVzc2FnZT1hcGFyLWZpbmRlci1yYW4K" } }, "x_ibm_ariel": { "event_name": "Defect Inspector", "qid": 38750160, "category_name": "System Error", "category_id": 8007, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 4, "severity": 4, "credibility": 10, "relevance": 1, "geographic": "other", "cre_event_list": [ "100090", "100205", "100211", "100207", "100555", "100252", "100249", "100246", "100355" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "Source Address is a Bogon IP", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:CategoryDefinition: System Errors and Failures", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks", "userNameAdmin" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:02.284Z", "last_observed": "2020-09-30T16:25:02.284Z", "number_observed": 1 }, { "id": "observed-data--37b0bc98-791a-499c-9c4c-ebe53cb185c8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.393Z", "modified": "2020-09-30T16:27:49.393Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAyIDEyNy4wLjAuMSAgW1RjcFN5c2xvZygwLjAuMC4wLzUxNCkgUHJvdG9jb2wgUHJvdmlkZXIgVGhyZWFkOiBjbGFzcyBjb20ucTFsYWJzLnNlbXNvdXJjZXMuc291cmNlcy50Y3BzeXNsb2cuVGNwU3lzbG9nUHJvdmlkZXIwXSBjb20ucTFsYWJzLnNlbXNvdXJjZXMuc291cmNlcy50Y3BzeXNsb2cuVGNwU3lzbG9nUHJvdmlkZXI6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1UY3BTeXNsb2coMC4wLjAuMC81MTQpIHJlYWQgZmFpbGVkLCBjb25uZWN0aW9uIHJlc2V0IGZyb20gOS4yOC4yMzQuMTY5Cg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:02.284Z", "last_observed": "2020-09-30T16:25:02.284Z", "number_observed": 1 }, { "id": "observed-data--08455711-c680-451b-a895-842ff2e98c7b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.413Z", "modified": "2020-09-30T16:27:49.413Z", "objects": { "0": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAyIDEyNy4wLjAuMSBbZGldIFtJTkZPXSBbTk9UOjAxOTAwMTYxMDBdWzkuMjguMjM0LjE2OS8tIF1bLS8tIC1dIExFRUY6MS4wfFFSYWRhcnxEZWZlY3QgSW5zcGVjdG9yfDcuMy4yfGFwYXI9fG1lc3NhZ2U9Q2Fubm90IHJ1biBkZWZlY3QtaW5zcGVjdG9yIG9uIGxhcmdlIGZpbGUgZHVyaW5nIGxvZ3JvdGF0ZS58ZmlsZW5hbWU9L3Zhci9sb2cvcXJhZGFyLmxvZ3xmaWxlc2l6ZT04MDdNfAo=" } }, "x_ibm_ariel": { "event_name": "Defect Inspector", "qid": 38750160, "category_name": "System Error", "category_id": 8007, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 4, "severity": 4, "credibility": 10, "relevance": 1, "geographic": "other", "cre_event_list": [ "100090", "100205", "100211", "100207", "100555", "100252", "100249", "100246", "100355" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "Source Address is a Bogon IP", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:CategoryDefinition: System Errors and Failures", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks", "userNameAdmin" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:02.284Z", "last_observed": "2020-09-30T16:25:02.284Z", "number_observed": 1 }, { "id": "observed-data--00add0f1-fd8b-4559-b599-bdc256912273", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.431Z", "modified": "2020-09-30T16:27:49.431Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAyIDEyNy4wLjAuMSAgW0Fzc2V0UHJvZmlsZXJMb2dUaW1lcl0gY29tLnExbGFicy5hc3NldHByb2ZpbGUudGltZXJ0YXNrLkFzc2V0UGVyc2lzdGVuY2VMb2dUaW1lclRhc2s6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1Bc3NldCBQZXJzaXN0ZW5jZSAtIEFzc2V0cyBzZWVuIHdpdGggdG9vIG1hbnkgb3BlbiBwb3J0cyAobGFzdCBtaW51dGUpOiBOb25lCg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:02.284Z", "last_observed": "2020-09-30T16:25:02.284Z", "number_observed": 1 }, { "id": "observed-data--b34856bb-aea6-4966-aac8-27b630c6cb84", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.451Z", "modified": "2020-09-30T16:27:49.451Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAyIDEyNy4wLjAuMSAgW0Fzc2V0UHJvZmlsZXJMb2dUaW1lcl0gY29tLnExbGFicy5hc3NldHByb2ZpbGUudGltZXJ0YXNrLkFzc2V0UGVyc2lzdGVuY2VMb2dUaW1lclRhc2s6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1Bc3NldCBQZXJzaXN0ZW5jZSBTdGF0aXN0aWNzIC0gTGFzdCA2MCBzZWNvbmRzIChjb3VudC90aW1lKTogW1RPVEFMOiAwLzAuMDAwc2VjXQo=" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:02.284Z", "last_observed": "2020-09-30T16:25:02.284Z", "number_observed": 1 }, { "id": "observed-data--0157381f-a1e8-492c-b838-a406c753eb20", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.471Z", "modified": "2020-09-30T16:27:49.471Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjAyIDEyNy4wLjAuMSAgW1RjcFN5c2xvZygwLjAuMC4wLzUxNCkgUHJvdG9jb2wgUHJvdmlkZXIgVGhyZWFkOiBjbGFzcyBjb20ucTFsYWJzLnNlbXNvdXJjZXMuc291cmNlcy50Y3BzeXNsb2cuVGNwU3lzbG9nUHJvdmlkZXIwXSBjb20ucTFsYWJzLnNlbXNvdXJjZXMuc291cmNlcy50Y3BzeXNsb2cuVGNwU3lzbG9nUHJvdmlkZXI6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1UY3BTeXNsb2coMC4wLjAuMC81MTQpIHJlYWQgZmFpbGVkLCBjb25uZWN0aW9uIHJlc2V0IGZyb20gOS4yOC4yMzQuMTY5Cg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:02.284Z", "last_observed": "2020-09-30T16:25:02.284Z", "number_observed": 1 }, { "id": "observed-data--cfaa4a35-7381-432d-81f6-1695985d7464", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.489Z", "modified": "2020-09-30T16:27:49.489Z", "objects": { "0": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "MjAwOS0wNS0xOCAxOTo1MzozMCA1NSAxNjcuNzEuNy4yMzEganR1bWJyaWRnZSBHR0NcUHJveHklMjAtJTIwU3RhbmRhcmQgLSBPQlNFUlZFRCAiU3BvcnRzL1JlY3JlYXRpb24iIGh0dHA6Ly93d3cudWF0aWJtdGV0LmNvbS8gMjAwIFRDUF9SRUZSRVNIX01JU1MgR0VUIHRleHQvaHRtbCBodHRwIG1zbi5mb3hzcG9ydHMuY29tIDgwIC93aWRnZXQvc2VjdGlvbmZyb250L2FsZXJ0ID9jYXRlZ29yeUlkPTU3NzYgLSAiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNi4wOyBXaW5kb3dzIE5UIDUuMTsgU1YxOyBJbmZvUGF0aC4xOyAuTkVUIENMUiAxLjEuNDMyMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjAuMDQ1MDYuMzA7IC5ORVQgQ0xSIDMuMC4wNDUwNi42NDgpIiAxNzIuMTYuMS4zNSAzMTYgNzU2IC0K" } }, "x_ibm_ariel": { "event_name": "Unknown DataSecure system event", "qid": 87250052, "category_name": "Unknown", "category_id": 10001, "high_level_category_name": "Unknown", "high_level_category_id": 10000, "log_source_id": 71, "device_type": 341, "log_source_type_name": "SafeNet DataSecure/KeySecure", "log_source_name": "SafeNet DataSecure\\/KeySecure @ 127.0.0.1", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 4, "credibility": 5, "relevance": 1, "geographic": "other", "cre_event_list": [ "100090", "100205", "100211", "100207", "100555", "100249", "100246", "100355" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "Source Address is a Bogon IP", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks", "userNameAdmin" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:24:53.778Z", "last_observed": "2020-09-30T16:25:53.778Z", "number_observed": 1 }, { "id": "observed-data--1b2a38d0-c12c-4ef9-8073-53c189ca6e28", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.507Z", "modified": "2020-09-30T16:27:49.507Z", "objects": { "0": { "type": "ipv4-addr", "value": "192.168.1.3", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "TEVFRjoxLjB8Qml0OXxQYXJpdHl8MTkyLjE2OC4wLjF8TmV3X2ZpbGVfb25fbmV0d29ya3xjYXQ9RGlzY292ZXJ5CXNldj00CWRldlRpbWU9SnVuIDE0IDIwMTAgMTA6MjU6MzUuMDAwIFVUQwltc2c9U2VydmVyIGRpc2NvdmVyZWQgbmV3IGZpbGUgJ2M6XFByb2dyYW0gRmlsZXNcUVJhZGFyXGZpbGUxLmV4dCcgWzQyMGJiNjE0N2NhMDkxYTIyZjhmNWJiYmI0OWQ1MWYzXS4JZXh0ZXJuYWxJZD0xMglzcmM9MTkyLjE2OC4xLjMJc3JjSG9zdE5hbWU9Q0xJTwlzcmNQcm9jZXNzPWM6XFByb2dyYW0gRmlsZXNcUVJhZGFyX3YxXEFkbWluaXN0cmF0b3IJZmlsZVBhdGg9YzpcUHJvZ3JhbSBGaWxlc1xRUmFkYXJcZmlsZTEuZXh0CWZpbGVOYW1lPW5ld3NpZC5leGUJZmlsZUhhc2g9NDIwYmI2MTQ3Y2EwOTFhMjJmOGY1YmJiYjQ5ZDUxZjMJZmlsZUlkPTQyCXBvbGljeT1EZWZhdWx0IFBvbGljeQlkc3RIb3N0PW1lZ2FuZSAgCg==" }, "6": { "type": "file", "name": "newsid.exe", "hashes": { "MD5": "420bb6147ca091a22f8f5bbbb49d51f3" } }, "7": { "type": "directory", "path": "c:\\Program Files\\QRadar" } }, "x_ibm_ariel": { "event_name": "New File On Network", "qid": 59500044, "category_name": "Alert", "category_id": 8060, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 73, "device_type": 230, "log_source_type_name": "Bit9 Security Platform", "log_source_name": "Bit9 Security Platform @ 127.0.0.1", "direction": "L2R", "identity_ip": "0.0.0.0", "magnitude": 5, "severity": 4, "credibility": 5, "relevance": 6, "geographic": "other", "cre_event_list": [ "100090", "100205", "100211", "100555", "100249", "100246", "100200" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks", "Context is Local to Remote" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:24:54.482Z", "last_observed": "2020-09-30T16:25:54.482Z", "number_observed": 1 }, { "id": "observed-data--291fddde-6e40-49c3-ac96-19cb46d6d722", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.530Z", "modified": "2020-09-30T16:27:49.530Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PU5ld1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--9cb10d11-f062-4696-9128-6cdda800e83e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.548Z", "modified": "2020-09-30T16:27:49.548Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVdhaXRpbmdSYXRpbwlWYWx1ZT0xMDAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--864bbdf4-360e-4f39-b725-bb224689df6c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.567Z", "modified": "2020-09-30T16:27:49.567Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVJ1bm5hYmxlUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--67f0c205-c431-4e82-920e-a2de83cb0cf7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.585Z", "modified": "2020-09-30T16:27:49.585Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVRpbWVkV2FpdFJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--5d904918-f5d8-4c9f-af18-f22b4af3d31b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.604Z", "modified": "2020-09-30T16:27:49.604Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PUJsb2NrZWRSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--31685567-5a57-4d56-9466-ffead0e6e5fc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.625Z", "modified": "2020-09-30T16:27:49.625Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--cb2bbb87-3ac3-4657-affe-5467eb78d354", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.645Z", "modified": "2020-09-30T16:27:49.645Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjU5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--d4105fd0-db3e-4749-a5c8-c60178a4b4b9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.664Z", "modified": "2020-09-30T16:27:49.664Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DdXJyZW50SG9zdHNUcmFja2luZ0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--dec44f64-d1d4-4d1c-b50d-70c93bfc7ab1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.683Z", "modified": "2020-09-30T16:27:49.683Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVRlcm1pbmF0aW5nUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--90a3c5ea-d6a6-4140-99b7-137703c3d5c2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.702Z", "modified": "2020-09-30T16:27:49.702Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFJhdGVFUE1vbglEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMjMuODUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--96222b2d-29c5-463d-93b1-9d480c05bdd1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.722Z", "modified": "2020-09-30T16:27:49.722Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--6eee9a91-7d95-4239-b6ae-64af6c4e010c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.741Z", "modified": "2020-09-30T16:27:49.741Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1SdW5uYWJsZVJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--fdddbbdc-a586-4818-9edc-90b5c9ca36d0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.760Z", "modified": "2020-09-30T16:27:49.760Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1DcHVVdGlsCVZhbHVlPTAuMDg4NjgwNDkzMzMzMzMzMzMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--71358f64-a970-4f2d-830a-2ad093ec0aa8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.780Z", "modified": "2020-09-30T16:27:49.780Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVRdWV1ZVNpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--62ff404c-ef14-4052-a3e4-f64f32b204ca", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.800Z", "modified": "2020-09-30T16:27:49.800Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1UaW1lZFdhaXRSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--b9e838b3-0352-4dbd-90bd-d7b7945ba660", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.821Z", "modified": "2020-09-30T16:27:49.821Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1OZXdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--cc5cb7ea-c6b5-4d93-aa49-e1e9f4aa3434", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.840Z", "modified": "2020-09-30T16:27:49.840Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1CbG9ja2VkUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--e1d3d8fc-bea4-45ef-854b-6a2ce92e05c1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.859Z", "modified": "2020-09-30T16:27:49.859Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1UZXJtaW5hdGluZ1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--26537729-3472-4344-bb32-a2c0db2907e4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.876Z", "modified": "2020-09-30T16:27:49.876Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--b7c2f375-081c-4b4c-969b-2cf946cde328", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.893Z", "modified": "2020-09-30T16:27:49.893Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1XYWl0aW5nUmF0aW8JVmFsdWU9MTAwLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--40d054e3-c041-4210-ae28-44e8900926a8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.910Z", "modified": "2020-09-30T16:27:49.910Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTcwODQ4ODIzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--da3668b9-db01-4578-973a-12f5faaae930", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.927Z", "modified": "2020-09-30T16:27:49.927Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODMwODU3ODYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--da9c6102-c12d-487d-bba1-107e18595430", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.943Z", "modified": "2020-09-30T16:27:49.943Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTU5MTE3NTY4MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--2dfc5eb6-9ab5-4302-96c6-d76024d9f844", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.960Z", "modified": "2020-09-30T16:27:49.960Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzA4NTc3MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--f0eb6cdd-1bb2-4389-b00b-11747b45108d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.978Z", "modified": "2020-09-30T16:27:49.978Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00MDE1NTY1MjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--06e4471e-8dd4-4c55-9373-c5d91d04dc19", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:49.996Z", "modified": "2020-09-30T16:27:49.996Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--9c072926-cf13-4918-99ee-82e895f4183b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.013Z", "modified": "2020-09-30T16:27:50.013Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTc2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--43a3db92-fde3-4c1b-b51d-88afa36de2e3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.029Z", "modified": "2020-09-30T16:27:50.029Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMDkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--783702d8-d41a-4f07-bf49-799c9802232e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.046Z", "modified": "2020-09-30T16:27:50.046Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXdBbmRVcGRhdGVkSG9zdHNDb3VudEN1cnJlbnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--f70e54dd-83ef-4a80-b304-37849393c894", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.064Z", "modified": "2020-09-30T16:27:50.064Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDA4NjY0OTYwODMzNTA5OTA1Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--59595476-6f07-4e85-bfc6-7304da8fa6ce", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.082Z", "modified": "2020-09-30T16:27:50.082Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNDgyNDEwMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--596e16d1-7f82-497d-b6c2-0457f9ce2b64", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.099Z", "modified": "2020-09-30T16:27:50.099Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTcwODQ4ODIzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--59ad0aff-aadb-40d0-b0a8-8d08a85917a2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.115Z", "modified": "2020-09-30T16:27:50.116Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--48e3e667-1f8f-48e5-b718-0bd0d78b1b9e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.132Z", "modified": "2020-09-30T16:27:50.132Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9Q3B1VXRpbAlWYWx1ZT0wLjY2NjAyMjIxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--24a1d4a4-5c43-4d56-abb9-169dd437d11a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.152Z", "modified": "2020-09-30T16:27:50.152Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9UnVubmFibGVSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--26a4c8f7-6205-4c9c-ab85-6e18e4fd94d9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.169Z", "modified": "2020-09-30T16:27:50.169Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00NDE2MTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--d2c4f3ff-dcb6-4c1e-a4ca-7ce82c982a2b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.186Z", "modified": "2020-09-30T16:27:50.186Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--14b71f00-1cb7-4ec3-8994-af85ab88ccca", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.203Z", "modified": "2020-09-30T16:27:50.203Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9TmV3UmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--75d5d4c6-9a65-4a59-b418-436941730ba9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.219Z", "modified": "2020-09-30T16:27:50.219Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTU5MTE3NTY4MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--c8d02144-9aa1-4f2e-8c4f-94ea05f006bb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.235Z", "modified": "2020-09-30T16:27:50.235Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9V2FpdGluZ1JhdGlvCVZhbHVlPTEwMC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--0f6b5691-498e-48be-b1d8-5abaa921ea17", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.252Z", "modified": "2020-09-30T16:27:50.252Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--f00b9307-fb3a-41af-9daa-13658a187a9c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.268Z", "modified": "2020-09-30T16:27:50.268Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGltZWRXYWl0UmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--9150b9ac-cb2d-48be-ad27-0f832b9033e3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.285Z", "modified": "2020-09-30T16:27:50.285Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OdW1BcHBzUmVwb3J0ZWRJbkxhc3RSZXBvcnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--f8190196-4061-4cc5-a3ca-095fdd5906ee", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.301Z", "modified": "2020-09-30T16:27:50.301Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEyMDQwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--3870ad2b-a35b-45bb-85c8-6a407cc762d3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.320Z", "modified": "2020-09-30T16:27:50.320Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGVybWluYXRpbmdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--20b96f2c-e7cf-4196-9f77-1571e9a83964", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.337Z", "modified": "2020-09-30T16:27:50.337Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0UmVwb3J0U3RvcHdhdGNoVHhUaW1lTXMJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--b374aa6c-bbe0-437b-ad9f-a1e65a034f1d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.354Z", "modified": "2020-09-30T16:27:50.354Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTIyMTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--c213af47-1f68-4fd9-948c-35d4ea15a7d7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.371Z", "modified": "2020-09-30T16:27:50.371Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjkwNzgyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--6acea3e9-e5d7-48d4-bd3c-0dd57d46fae9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.389Z", "modified": "2020-09-30T16:27:50.389Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9QmxvY2tlZFJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--583305d2-50b8-4800-890f-0e8270043354", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.406Z", "modified": "2020-09-30T16:27:50.406Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--fd6c917d-174f-410c-838b-cdf5b83ace66", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.423Z", "modified": "2020-09-30T16:27:50.423Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--ecff3789-b252-4809-8087-125ba41e1397", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.443Z", "modified": "2020-09-30T16:27:50.443Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNTA4NDk1MzYwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--3bcb1251-6394-4ea4-a0dc-f4c08afefc96", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.461Z", "modified": "2020-09-30T16:27:50.461Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjYxMzQwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--1dc62376-9ea9-4a31-b6d1-ee23c39e43ca", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.480Z", "modified": "2020-09-30T16:27:50.480Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0UmVwb3J0aW5nVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyNDIyNDM2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--b8c33438-d531-4e0e-ba51-92a754339247", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.498Z", "modified": "2020-09-30T16:27:50.498Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyU3BpbGxGaWxlc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--12bf37ec-b6b4-4203-97a9-3eb83807316d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.515Z", "modified": "2020-09-30T16:27:50.515Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zODIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--53260c98-0814-4765-8612-3a2e699b9596", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.535Z", "modified": "2020-09-30T16:27:50.535Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--bee7ff0f-5ee3-466e-9338-c8fd7087fd4d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.554Z", "modified": "2020-09-30T16:27:50.554Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1JbmdyZXNzVG9FY0Rpc2tTaXplCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--1fb178e6-d3f8-4b98-b11d-3bc6c915c398", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.576Z", "modified": "2020-09-30T16:27:50.576Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyTWF4RmlsZUNvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjUwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--efa1852c-79c6-475e-861e-56050b6e0c2d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.597Z", "modified": "2020-09-30T16:27:50.597Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyRGlza1NpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--9e77a25f-c8cc-4fc9-a2e0-2c94d38e96c4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.621Z", "modified": "2020-09-30T16:27:50.621Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--c8da3141-7dbd-4433-8654-1584a5389935", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.643Z", "modified": "2020-09-30T16:27:50.643Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--4b31d4b0-4c3a-402f-ad7a-44a65747e8b2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.665Z", "modified": "2020-09-30T16:27:50.665Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9UnVubmFibGVSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--0a52e3c3-70d7-4b50-aee6-e727f418ecbe", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.687Z", "modified": "2020-09-30T16:27:50.687Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9TmV3UmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--e05fb836-0bf9-473a-b226-98dd59c29868", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.707Z", "modified": "2020-09-30T16:27:50.707Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTM2MjM2MjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--79aa7ed4-1330-4c6a-b078-348e83504768", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.726Z", "modified": "2020-09-30T16:27:50.726Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGltZWRXYWl0UmF0aW8JVmFsdWU9MTAwLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--43ef1dfd-7a5f-469d-9992-771d9affd724", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.747Z", "modified": "2020-09-30T16:27:50.747Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTA2OTYyOTQ0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--0c21f94a-05ac-438d-b639-6829627b25fa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.767Z", "modified": "2020-09-30T16:27:50.767Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGVybWluYXRpbmdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--fb408ee9-f914-4cde-92cb-83db9a9893a0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.787Z", "modified": "2020-09-30T16:27:50.787Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9Q3B1VXRpbAlWYWx1ZT0wLjAwOTkzNDk2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--a5e7b57c-aa71-40be-a5ac-a864cb78b7e9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.807Z", "modified": "2020-09-30T16:27:50.807Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQwMzI2Mjk4NAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--b5cba10d-7c91-4e39-bc32-b66a17e0775c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.826Z", "modified": "2020-09-30T16:27:50.826Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9V2FpdGluZ1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--090d9592-0568-4e26-b891-c3801875d66d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.846Z", "modified": "2020-09-30T16:27:50.846Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MjQ5Njk0NQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--8ca20051-0c3e-4b40-aef7-ce551436caad", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.871Z", "modified": "2020-09-30T16:27:50.871Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--5e09592c-8fa9-4757-b749-a3cad879f46a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.891Z", "modified": "2020-09-30T16:27:50.891Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyNDk2OTMwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--ea16e47e-6e58-45af-b642-e65fc471c6d1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.911Z", "modified": "2020-09-30T16:27:50.911Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwNDIyOTAwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--63caeddb-f522-4b49-9a52-7ec35830d555", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.931Z", "modified": "2020-09-30T16:27:50.931Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2OQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--309033f2-86da-4b57-be13-fdddf61bb580", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.952Z", "modified": "2020-09-30T16:27:50.952Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9QmxvY2tlZFJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--d4421803-b089-4e3d-a7f6-869912e3e7da", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.971Z", "modified": "2020-09-30T16:27:50.971Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTM2MjM2MjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--643800b3-78ee-4d88-9884-93e3bd808afd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:50.990Z", "modified": "2020-09-30T16:27:50.990Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--1667dbe5-74e0-4f2a-a8c8-ed57fc87eef9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.009Z", "modified": "2020-09-30T16:27:51.009Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE4ODY3MTkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--d208acad-a5f2-4f0d-9a60-6c9bf14d6d5e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.027Z", "modified": "2020-09-30T16:27:51.027Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--7b8195bc-d383-4486-9dba-3abb7c7857eb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.047Z", "modified": "2020-09-30T16:27:51.047Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--2551a5b3-558e-4941-8cb1-a39a031f059d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.069Z", "modified": "2020-09-30T16:27:51.069Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04Mjg4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--d6c85acb-d08e-4907-af85-cae0eeec0ce1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.088Z", "modified": "2020-09-30T16:27:51.088Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTI0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--77630d3e-5eaa-4004-85f4-45c7514c6e59", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.108Z", "modified": "2020-09-30T16:27:51.108Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM3Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--4c529824-849a-4be7-bb47-07aa3aedbc44", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.127Z", "modified": "2020-09-30T16:27:51.127Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTA2OTYyOTQ0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--ae7d677f-6789-414c-97a8-bf54a0836f2e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.145Z", "modified": "2020-09-30T16:27:51.145Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODEyNjEyNjYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--492fca8e-2d6e-47e9-9a0d-62fe66db4dd8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.165Z", "modified": "2020-09-30T16:27:51.165Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQ5NTgyODk5Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--c234aaf1-3d54-4e5a-9a42-7105d05d43b5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.185Z", "modified": "2020-09-30T16:27:51.185Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1JbmdyZXNzVG9FY1NwaWxsRmlsZXNDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--fe908720-674d-4a37-8ec0-f75140d27a3f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.205Z", "modified": "2020-09-30T16:27:51.205Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODIxNgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--54e12cfa-f737-4707-94eb-e371a86f106d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.225Z", "modified": "2020-09-30T16:27:51.225Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjQ1MzA5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--dc196d21-20af-4051-87d4-0d7fcfb1e1a6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.245Z", "modified": "2020-09-30T16:27:51.245Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--5739de35-91fe-4894-ae9a-b4da33426dad", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.266Z", "modified": "2020-09-30T16:27:51.267Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--c8927b56-f9b5-4844-8621-63ec9569c174", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.285Z", "modified": "2020-09-30T16:27:51.285Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--e36e260c-0485-40c8-ab44-bf69362312fa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.304Z", "modified": "2020-09-30T16:27:51.304Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--4e34ff02-07ea-459f-9bef-583538cf947b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.324Z", "modified": "2020-09-30T16:27:51.324Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTQwNjA3NDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--185249f3-f069-4fab-a76d-710b882d515e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.343Z", "modified": "2020-09-30T16:27:51.343Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--2ddae64b-eee0-405b-9438-ee1389eb593f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.362Z", "modified": "2020-09-30T16:27:51.362Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwODMwMTM0NAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--d63c144e-1a10-4ec5-8033-2606832fc71b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.381Z", "modified": "2020-09-30T16:27:51.381Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTc5ODUwNTMxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--82a3b491-d625-464c-b96a-74c790b9155e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.400Z", "modified": "2020-09-30T16:27:51.400Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyODYwMDY3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--62c5c2ae-38cf-4150-b388-fe948a11f924", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.420Z", "modified": "2020-09-30T16:27:51.420Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--96066ea1-8d51-4c54-b8ee-48416f6b0630", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.444Z", "modified": "2020-09-30T16:27:51.444Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wMDI2MTUwMzc2ODYxMzY0ODc2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--718c3e97-6011-4158-9b08-5d6051f2a445", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.464Z", "modified": "2020-09-30T16:27:51.464Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4Mjg2MDA5MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--c1a667b5-d2fc-41e4-a2e6-9da196cffa08", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.485Z", "modified": "2020-09-30T16:27:51.485Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTYyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--b13c15cf-4c42-498f-b070-29865e562b7b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.504Z", "modified": "2020-09-30T16:27:51.504Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEzNzI0MDAwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--fbb1289d-86fd-48df-9e23-94ded574aa13", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.523Z", "modified": "2020-09-30T16:27:51.523Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9My40ODYzNTU4MTE5MzEwODhFLTQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--ff3c1650-29c1-49fa-b6ff-21042de58ec0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.542Z", "modified": "2020-09-30T16:27:51.542Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTQwNjA3NDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--ee8761e2-21db-4fe0-98ba-8e4063f0b364", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.561Z", "modified": "2020-09-30T16:27:51.561Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--d822be40-07b7-4ef7-8ff5-754cbf3bd6f1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.581Z", "modified": "2020-09-30T16:27:51.581Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--738d3141-af9c-4087-a93e-ecb357fe9495", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.600Z", "modified": "2020-09-30T16:27:51.600Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--bec2aa00-75f4-465d-b0d1-ee210eb29894", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.622Z", "modified": "2020-09-30T16:27:51.622Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM0NDE1OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--af0787ec-e38f-4c06-97a7-89f850402ecb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.642Z", "modified": "2020-09-30T16:27:51.642Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODUwMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--d3ebccc5-36f8-4077-a899-0476ae75de41", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.661Z", "modified": "2020-09-30T16:27:51.661Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTc5ODUwNTMxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--47981a57-dec1-41fd-8cfa-343408a9f2d0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.681Z", "modified": "2020-09-30T16:27:51.681Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTg3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--11f68275-380b-4d09-b5fd-c45a671372e5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.701Z", "modified": "2020-09-30T16:27:51.701Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTg0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--44b6a8bc-1d98-4589-a969-25164831f3d6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.720Z", "modified": "2020-09-30T16:27:51.720Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTMxNTM2NzQyNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--a4ab6b7a-be15-47d1-a236-f9fd8ccca0dc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.740Z", "modified": "2020-09-30T16:27:51.740Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04NTU0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--c7432ee8-461b-4542-b6a6-31ed397c6a11", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.759Z", "modified": "2020-09-30T16:27:51.759Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTQxODE3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--0f8e1c28-1b7c-4fff-bb6e-1d6e3e2a376a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.778Z", "modified": "2020-09-30T16:27:51.778Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--faa8a402-7f18-446d-9192-a0c22f926b9d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.797Z", "modified": "2020-09-30T16:27:51.797Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--a4d34d65-1e62-4bd3-97f2-6145550a019c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.818Z", "modified": "2020-09-30T16:27:51.818Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTMyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--f11a3788-3686-4d95-bdcc-e2e29b27f4cd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.838Z", "modified": "2020-09-30T16:27:51.838Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--20108722-cb87-4409-be83-3bf56522c972", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.857Z", "modified": "2020-09-30T16:27:51.857Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--0f672d04-4f6e-4221-8538-805317d06211", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.876Z", "modified": "2020-09-30T16:27:51.876Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--4b021ceb-9c79-4e0e-9ead-9058897ba640", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.895Z", "modified": "2020-09-30T16:27:51.895Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgzNzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--d0956c6c-849b-4223-94d5-b237a7b397c3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.914Z", "modified": "2020-09-30T16:27:51.914Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODMwNTM2NzUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--e28986db-285d-4628-a723-9e2e5b2bed1a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.933Z", "modified": "2020-09-30T16:27:51.933Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzA1MzY1Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--807dcb51-d2da-448c-ac38-f3961ed16784", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.953Z", "modified": "2020-09-30T16:27:51.953Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMTU2MTAwNDgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--05ebfe6d-9f41-4ee0-967c-30bb5dc2897b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.972Z", "modified": "2020-09-30T16:27:51.972Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zOTE5NzAwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--10ff3f66-5913-4255-be23-a9bc03d67146", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:51.991Z", "modified": "2020-09-30T16:27:51.991Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01NAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--c5455b19-7e44-4983-ac0c-8974941b70a8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.012Z", "modified": "2020-09-30T16:27:52.012Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--75f9a80c-521d-4450-89b9-b8be14980227", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.032Z", "modified": "2020-09-30T16:27:52.032Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--59c45f2a-8db3-4c26-b5a3-34b4b9c577f6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.051Z", "modified": "2020-09-30T16:27:52.051Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODEyNDUyNDgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--d184406c-ac98-42c2-89bd-82263eac802b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.070Z", "modified": "2020-09-30T16:27:52.070Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NzkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--2baada63-5309-43c7-8f09-bce82519cee8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.089Z", "modified": "2020-09-30T16:27:52.089Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTI5MDkxMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--4507e054-b5fe-44c0-9d65-c1ec20dc0a27", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.108Z", "modified": "2020-09-30T16:27:52.108Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNTgyODEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--deb69933-e727-4215-b1cd-3affb92d3a3b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.128Z", "modified": "2020-09-30T16:27:52.128Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgzNzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--d4af724b-63d3-48ae-a0b5-6407159fe801", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.147Z", "modified": "2020-09-30T16:27:52.147Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--0a0c733a-bc02-4688-a895-5a1b01808f6b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.167Z", "modified": "2020-09-30T16:27:52.167Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--c1d8bad1-cf99-49ff-80a6-15c9e2f9e6a6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.188Z", "modified": "2020-09-30T16:27:52.188Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--fa573565-33ac-4169-8643-aff2bb29fcef", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.207Z", "modified": "2020-09-30T16:27:52.207Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwODUxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--ab330efa-41fb-4501-a8b4-92006850ae42", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.226Z", "modified": "2020-09-30T16:27:52.226Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTA5MzAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--3624fc51-4281-4df1-b074-4e62fb69a7e8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.246Z", "modified": "2020-09-30T16:27:52.246Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxNDE4MDE2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--58823fbe-c69e-4f5e-b8da-091aa390c5fd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.266Z", "modified": "2020-09-30T16:27:52.266Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PUNwdVV0aWwJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.509Z", "last_observed": "2020-09-30T16:25:05.509Z", "number_observed": 1 }, { "id": "observed-data--c7cd1803-69ef-4d25-88fd-d31e2579c36c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.285Z", "modified": "2020-09-30T16:27:52.285Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--3ccedf0a-1ff5-4fdd-a85c-a3932ff21836", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.304Z", "modified": "2020-09-30T16:27:52.304Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--f522e14f-7b19-4ea4-b284-b93fb11c8bb8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.323Z", "modified": "2020-09-30T16:27:52.323Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--0c9626ec-bfc8-4660-9f4d-8de45dc64740", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.342Z", "modified": "2020-09-30T16:27:52.342Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNzI0MTI2NzIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--3e41b7df-3070-4b7f-9110-c6f41636aa45", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.361Z", "modified": "2020-09-30T16:27:52.361Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--49baa2be-8c38-49bf-a0ef-59c5b02b0773", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.383Z", "modified": "2020-09-30T16:27:52.383Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--f87121d3-744c-4cf3-9675-945330be40bd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.403Z", "modified": "2020-09-30T16:27:52.403Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NjkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--52fcbf53-29a0-4297-900d-a919cc511610", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.424Z", "modified": "2020-09-30T16:27:52.424Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03NDQ1Mzk3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--b7ec576f-d1a8-4c96-9f4b-42f798439b39", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.444Z", "modified": "2020-09-30T16:27:52.444Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODI5NjUwNDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--23860e0d-5652-4d18-a90c-38fa7e3f6487", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.464Z", "modified": "2020-09-30T16:27:52.464Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgzNzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--3d4c344b-a9d6-4f70-85fd-72718bd9b263", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.483Z", "modified": "2020-09-30T16:27:52.483Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTI2NDE1Mwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--e44d34b5-bf52-42e7-955f-ca883cc15627", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.503Z", "modified": "2020-09-30T16:27:52.503Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4Mjk2NTAzMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--b34ac51d-67e0-4535-b5aa-73742463d5e3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.522Z", "modified": "2020-09-30T16:27:52.522Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--aa02791a-4a8e-4ddd-8ceb-da45415cdc97", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.541Z", "modified": "2020-09-30T16:27:52.541Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--74a496d4-2c81-468c-9a66-a8ccd1391da5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.561Z", "modified": "2020-09-30T16:27:52.561Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMjc0MDAwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--1c6e64c5-b67e-4009-8e00-a0d2f007eefd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.582Z", "modified": "2020-09-30T16:27:52.582Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--ce2fcb01-045f-4794-8863-e0eaa322d8af", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.602Z", "modified": "2020-09-30T16:27:52.602Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MzkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--fdd7d4c7-fdf0-4ecf-ae37-c63775897482", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.621Z", "modified": "2020-09-30T16:27:52.621Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--7226cf20-405f-4bb8-a964-539db6856943", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.641Z", "modified": "2020-09-30T16:27:52.641Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTMuMjExNzgyNDQzNTUxNjA4N0UtNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--8055c70d-532b-4eab-aa55-15b7e4640782", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.660Z", "modified": "2020-09-30T16:27:52.660Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgzNzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--a7028c26-8522-4e43-a9de-ab43139b066b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.680Z", "modified": "2020-09-30T16:27:52.680Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--5d5f1abd-f8b8-4ce2-b320-352825e3fc7b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.699Z", "modified": "2020-09-30T16:27:52.699Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNDI1NzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--72b099e2-6955-4afc-8e6f-ac529146b6ff", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.719Z", "modified": "2020-09-30T16:27:52.719Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--28f66bbd-fc9b-45e4-8c3a-c933fe93ee16", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.738Z", "modified": "2020-09-30T16:27:52.739Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--c2de4a0c-18fb-41ab-a82a-3861c24fa8bd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.761Z", "modified": "2020-09-30T16:27:52.761Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NzMyOQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--e61f999c-44a2-4b6f-bfba-23aa0fd9b428", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.780Z", "modified": "2020-09-30T16:27:52.780Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTcyOTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--23b3f685-d2a9-45ab-8663-4809d89a394a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.800Z", "modified": "2020-09-30T16:27:52.800Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjY0MTAzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--f6b962fd-663b-4d5f-bb0f-391f7b02dd46", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.820Z", "modified": "2020-09-30T16:27:52.820Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFVwZGF0ZVJlc29sdXRpb25NYW5hZ2VyU3BpbGxGaWxlc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--443f0c03-3a9b-4b7f-8817-6ed015cb6758", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.839Z", "modified": "2020-09-30T16:27:52.839Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE1OTk5NTQ4MDcyNDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--e99c719d-3212-4a3c-aecf-76ef359dc3be", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.858Z", "modified": "2020-09-30T16:27:52.858Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xOTY1ODM0MjQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--0a1ac605-7e35-428c-a606-75668648a5a3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.880Z", "modified": "2020-09-30T16:27:52.880Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--15f42727-28f4-4d1c-8a3a-d1f9288f8bed", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.901Z", "modified": "2020-09-30T16:27:52.901Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--29a84604-902b-458b-9c2e-69c9f5eaad97", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.921Z", "modified": "2020-09-30T16:27:52.921Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--fd5627e6-2cc3-4b60-9d96-88da707d1925", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:52.944Z", "modified": "2020-09-30T16:27:52.944Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--d2241aa6-81d8-4abd-969e-c82e79c402dd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.000Z", "modified": "2020-09-30T16:27:53.000Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--ea674ae6-f176-42f6-b73d-fd384cfd5fe3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.022Z", "modified": "2020-09-30T16:27:53.022Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVTbmFwc2hvdFNwaWxsb3ZlclRocmVzaG9sZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTUwMDAwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--c12b3fd6-055a-47e7-87e5-c50a6ff5377f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.044Z", "modified": "2020-09-30T16:27:53.044Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVTbmFwc2hvdEVsZW1lbnRDb3VudE9uRGlzawlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--4f9a4e53-2bef-4c3d-8115-ec06f35f3794", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.064Z", "modified": "2020-09-30T16:27:53.064Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMzEyNTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--0fc8b848-54c1-4773-931e-8a14425fa54c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.084Z", "modified": "2020-09-30T16:27:53.084Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMjU4MzMyMTYwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--07078a70-9e85-4563-ac23-e9feec00df95", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.104Z", "modified": "2020-09-30T16:27:53.104Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODI4ODUwMTgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--f2348082-5c05-456c-a452-45fdb2c92df1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.124Z", "modified": "2020-09-30T16:27:53.124Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJUb3BUaWVyU3BpbGxGaWxlc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--ebb811d1-3861-4bb7-bf23-0668955a8a35", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.143Z", "modified": "2020-09-30T16:27:53.143Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyODg1MDMxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--06b244a1-7f9a-459d-9d96-d55dc0219145", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.164Z", "modified": "2020-09-30T16:27:53.164Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTM2MzE4MzA0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--b4ad6d2a-4a86-407c-bb87-93a9d4cec8e9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.184Z", "modified": "2020-09-30T16:27:53.184Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjA3ODAwMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--1f94af95-7480-4077-b020-90196be289e4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.203Z", "modified": "2020-09-30T16:27:53.203Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--7ec4fe06-e849-4004-b2c8-f968dcf56a2d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.223Z", "modified": "2020-09-30T16:27:53.223Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJCb3R0b21UaWVyU3BpbGxGaWxlc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--571c6524-43d0-427c-ab17-d9396e99be1e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.243Z", "modified": "2020-09-30T16:27:53.243Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--a09fae7a-832e-419c-bf99-b265aa711205", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.263Z", "modified": "2020-09-30T16:27:53.263Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NDgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--c1b821f9-872f-4133-b1ee-f12936820815", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.282Z", "modified": "2020-09-30T16:27:53.282Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01LjIyOTgzMTA0NTIwMDI0NkUtNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--85998035-f859-436b-8b28-286fee5f4737", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.301Z", "modified": "2020-09-30T16:27:53.301Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--8816fbf3-e40a-4704-9650-74b6155fa3df", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.321Z", "modified": "2020-09-30T16:27:53.321Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMzEyNTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--bde30ee7-5a90-4f0f-8161-9473a060b15e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.340Z", "modified": "2020-09-30T16:27:53.340Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--7ecdadbc-f42e-4d1b-948c-382b7fb8ad8f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.361Z", "modified": "2020-09-30T16:27:53.361Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFVwZGF0ZVJlc29sdXRpb25NYW5hZ2VyTkVsZW1lbnRzT25EaXNrCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--da5a84c6-7fd7-46d7-9e21-2df3522e61b9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.381Z", "modified": "2020-09-30T16:27:53.381Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MzQyOTA3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--2994c4cb-f341-4cf7-9979-c9f64a082017", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.400Z", "modified": "2020-09-30T16:27:53.400Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMjU4MzMyMTYwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--c6a9211e-5fd2-4512-9745-e71db32c4243", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.419Z", "modified": "2020-09-30T16:27:53.419Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJUb3BUaWVyTWF4RmlsZUNvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--9ae69aed-e057-440c-b385-d0359e20ee4a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.439Z", "modified": "2020-09-30T16:27:53.439Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFVwZGF0ZVJlc29sdXRpb25NYW5hZ2VyTWF4RmlsZUNvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--024935c3-596a-44de-9b51-0371481aff44", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.459Z", "modified": "2020-09-30T16:27:53.459Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MzgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--08e479dc-f152-45bc-bbde-d15d1d9f5f3e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.478Z", "modified": "2020-09-30T16:27:53.478Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT05MTY3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--43bcec6c-03dc-4b2a-b94e-b01fa5da4141", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.498Z", "modified": "2020-09-30T16:27:53.498Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTkxNjcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--04bbd0da-6635-4e54-a9b1-104fa8365413", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.517Z", "modified": "2020-09-30T16:27:53.517Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVTbmFwc2hvdEVsZW1lbnRDb3VudEluTWVtb3J5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--2ad38b9a-9f07-4d37-bfdb-fa125b96731c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.536Z", "modified": "2020-09-30T16:27:53.536Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJCb3R0b21UaWVyTWF4RmlsZUNvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--c4def5b6-32aa-4082-82b0-fefcd099bde1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.557Z", "modified": "2020-09-30T16:27:53.557Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTU5OTk1NDgwNzI0Mwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--136960f0-4fd9-44a7-bd99-d6898e28da26", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.576Z", "modified": "2020-09-30T16:27:53.576Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9OTkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--fe0b958d-c5bf-4dbb-9cb2-fc4e655bdb13", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.595Z", "modified": "2020-09-30T16:27:53.595Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJUb3BUaWVyTkVsZW1lbnRzT25EaXNrCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--869b3ffa-bc24-491e-9654-724ba682e219", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.614Z", "modified": "2020-09-30T16:27:53.614Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTgyODcwMDE2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--2c36bb68-ba29-49a3-9572-3f0cb46a0140", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.633Z", "modified": "2020-09-30T16:27:53.633Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--c247534d-baf8-4eda-9f79-cec3c1f24fa8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.653Z", "modified": "2020-09-30T16:27:53.653Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjY5OTA4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--7131188f-3786-4ae9-ab1d-1e52fda22439", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.671Z", "modified": "2020-09-30T16:27:53.671Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJCb3R0b21UaWVyTkVsZW1lbnRzT25EaXNrCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--02077522-f063-40ee-a894-1af88f075db7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.693Z", "modified": "2020-09-30T16:27:53.693Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--98f861de-050b-4c55-bd8d-b290cdee6e35", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.714Z", "modified": "2020-09-30T16:27:53.714Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zMDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--bf1fc832-1640-4248-8e05-b8cd338f1e61", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.737Z", "modified": "2020-09-30T16:27:53.737Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--2ddd6b1f-4c39-4053-a5bc-b0e14e018c2e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.757Z", "modified": "2020-09-30T16:27:53.757Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub21jYXRDUFVVc2FnZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDAxMjE2NTQ2MDY0OTIzMDY1Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--3823b3ca-8cef-4031-9643-46a8c93542fe", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.776Z", "modified": "2020-09-30T16:27:53.776Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--0e3d3ff0-94ca-4912-81fe-f5c5651b2343", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.797Z", "modified": "2020-09-30T16:27:53.797Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Mjc2NTkzNjIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--a02ef137-43c2-4592-87dc-f533ec22e316", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.815Z", "modified": "2020-09-30T16:27:53.816Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTExNDUwMzgwMDgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--5126a3f8-6d8a-4016-ba8c-fc4a34cc7e0b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.834Z", "modified": "2020-09-30T16:27:53.834Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NjE2MTUzOTUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--8832fea8-2fe5-465d-98b5-1ad872d07d84", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.850Z", "modified": "2020-09-30T16:27:53.850Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4Mjc2MjkxMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--dc63bbdf-7a4e-41ee-a468-f443623cd03b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.866Z", "modified": "2020-09-30T16:27:53.866Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--b2e9a96c-09b0-486a-a823-ea2968a2665b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.881Z", "modified": "2020-09-30T16:27:53.881Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyNzYyODczCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--e9786edb-2e60-4f12-b4bf-89de2c9caa53", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.896Z", "modified": "2020-09-30T16:27:53.896Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQ3ODc4MDAwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--3262ec5d-ebd8-4a4c-b5d8-2dec91e135fc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.914Z", "modified": "2020-09-30T16:27:53.914Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMzg4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--a7817307-0588-4d95-ba6e-e9cddc438ac3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.931Z", "modified": "2020-09-30T16:27:53.931Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wMDEyNjE5OTI2NDg2MzYwNzY1Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--1454ec7e-b334-436e-93f3-d03bdb76e1b2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.948Z", "modified": "2020-09-30T16:27:53.948Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTI2OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--f09b373e-d157-43c2-921a-aa71ca4694a3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.965Z", "modified": "2020-09-30T16:27:53.965Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Mjc2NTkzNjIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--f027560e-9d5c-4981-81bd-5bf3d29080f6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.980Z", "modified": "2020-09-30T16:27:53.980Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--6694c5f2-bb30-4c58-ada8-355942685c36", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:53.997Z", "modified": "2020-09-30T16:27:53.997Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQ2MDY1Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--9e082ad8-f43e-493b-9c77-2a94ee8bca4a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.012Z", "modified": "2020-09-30T16:27:54.012Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--fe201a00-1d27-438e-b559-4af66a1bef7c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.027Z", "modified": "2020-09-30T16:27:54.028Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub21jYXRTZXNzaW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--3a8df507-9aeb-4f75-bf9d-f9cf344e3dcb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.043Z", "modified": "2020-09-30T16:27:54.043Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE0OQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--c1a20e57-3c1c-4528-ab29-b0131652602c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.058Z", "modified": "2020-09-30T16:27:54.058Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NjE2MTUzOTUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--7b824b9f-f5a2-4cc1-9b88-2d733e12b37b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.076Z", "modified": "2020-09-30T16:27:54.076Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjY0NjIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--2fcd1c6c-0a7b-437d-8fc1-3527bf7637ae", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.091Z", "modified": "2020-09-30T16:27:54.091Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTI5OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--d625bab7-1e2f-4a99-b5e7-cc8ccf6c48bc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.106Z", "modified": "2020-09-30T16:27:54.106Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODEyNjk1MjYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--090199c8-e06e-4bfa-bf4c-992b4667969d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.122Z", "modified": "2020-09-30T16:27:54.122Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE1MTAwMTkwNzIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--22454cb9-e7ea-4ce4-89a6-fb5033753459", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.137Z", "modified": "2020-09-30T16:27:54.137Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNzg1MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--ed935aef-4005-43fa-8053-1118b927d441", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.153Z", "modified": "2020-09-30T16:27:54.153Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--96f33584-e723-43f7-894d-f7814ef4c002", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.168Z", "modified": "2020-09-30T16:27:54.168Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--0ce63f6a-b275-447c-9355-7c0317ae94db", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.183Z", "modified": "2020-09-30T16:27:54.183Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMzE3NzkzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--5b841179-d99a-41a6-98a5-e2e3e9457964", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.199Z", "modified": "2020-09-30T16:27:54.199Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--97eb657f-3a38-46e5-9464-815e03bf759b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.216Z", "modified": "2020-09-30T16:27:54.216Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--af9d9208-2044-4aca-bd65-494022df9b86", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.232Z", "modified": "2020-09-30T16:27:54.232Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--6bbb40ce-456f-47bc-901f-c2e539164246", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.248Z", "modified": "2020-09-30T16:27:54.248Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODM3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--e71a3a4d-37f5-4358-8a61-6e828c34ea65", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.263Z", "modified": "2020-09-30T16:27:54.263Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ3OTc2MDA0NQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--411281c6-5fe8-4839-8f97-9b5ecb69bd10", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.278Z", "modified": "2020-09-30T16:27:54.278Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDc5NzYwMDMzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--822643d3-0b8b-4834-a291-6c08640a8f7a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.294Z", "modified": "2020-09-30T16:27:54.294Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--b7f9b9ce-6f17-40c9-b8d3-cd71f79335b6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.309Z", "modified": "2020-09-30T16:27:54.309Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE3MTYzMjMyOAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--d198eadb-bff1-49b0-b4d1-d9c93ce742c8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.325Z", "modified": "2020-09-30T16:27:54.325Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTk3NTEwMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--ac99a0fa-6614-45fb-b00f-3a1b2c2b3316", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.340Z", "modified": "2020-09-30T16:27:54.340Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--b33540a8-f479-42cc-b597-73226743cf7c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.357Z", "modified": "2020-09-30T16:27:54.357Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--6ff16cfb-29e0-4d52-85a2-04cc2cc4fc1a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.373Z", "modified": "2020-09-30T16:27:54.373Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--889cd2b9-4707-46d7-82a6-87f979f46071", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.388Z", "modified": "2020-09-30T16:27:54.388Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Mi41MDkyMDA1MTMwMzM5NzZFLTQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--5de0e656-4130-4015-ab37-d160e2e3ee91", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.404Z", "modified": "2020-09-30T16:27:54.404Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM0NTk2Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--03323358-9667-448c-9bc9-9489615333b2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.419Z", "modified": "2020-09-30T16:27:54.419Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODM3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--6220278e-8232-4020-8264-ff1ea7cc5260", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.435Z", "modified": "2020-09-30T16:27:54.435Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--9fb8659d-8383-463c-9391-13ff7290460a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.451Z", "modified": "2020-09-30T16:27:54.451Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--bc468931-b1fd-48da-ba2e-743bd52e29a5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.466Z", "modified": "2020-09-30T16:27:54.466Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--e26af959-d4be-41d9-8df2-2ab58f1179b9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.482Z", "modified": "2020-09-30T16:27:54.482Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NzU5NQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--590ceefe-9484-4520-aff2-8b0397ca9505", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.497Z", "modified": "2020-09-30T16:27:54.497Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--547f46e1-1fa8-4456-9ffe-58dcf69be619", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.514Z", "modified": "2020-09-30T16:27:54.514Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03NjMyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--90a334fd-0f28-48a5-93fd-e6eae5ab6b03", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.530Z", "modified": "2020-09-30T16:27:54.530Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTI2MTQ1MTc3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--75119cba-9c24-460c-ba67-75e0274136c5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.546Z", "modified": "2020-09-30T16:27:54.546Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTUzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--74ce1d5c-5a8f-48a3-b7a1-985b84fd42ad", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.562Z", "modified": "2020-09-30T16:27:54.562Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--bbe1c756-ccf4-4930-b8bd-9832922d4fcf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.578Z", "modified": "2020-09-30T16:27:54.578Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODEzMTc2NzkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--d18f41c9-c81a-4d48-b9ea-061f3cdc0ec8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.593Z", "modified": "2020-09-30T16:27:54.593Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--9cb13ed3-d212-47d5-bc54-d01c0b5743b7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.609Z", "modified": "2020-09-30T16:27:54.609Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--3e17fb3d-eb9a-4780-bf06-60996b867967", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.624Z", "modified": "2020-09-30T16:27:54.624Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--5951bb09-e6f8-4b30-9a2e-284b84dabb88", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.640Z", "modified": "2020-09-30T16:27:54.640Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTI5MTA0Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--80df5fd4-b4ed-48c0-b4fb-17611de7aa84", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.657Z", "modified": "2020-09-30T16:27:54.657Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--28c89815-a6dd-4cdf-b2c1-d2486d45b792", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.674Z", "modified": "2020-09-30T16:27:54.674Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgyMTE3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--ec69a388-f77f-4c13-861a-631e45e39794", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.690Z", "modified": "2020-09-30T16:27:54.690Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--e1499d1b-ce99-4bcf-a61a-8b9888af3efe", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.706Z", "modified": "2020-09-30T16:27:54.706Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODI3NjUwNjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--7ca6a79d-2f90-4b2a-8606-7ebbcd31a667", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.721Z", "modified": "2020-09-30T16:27:54.721Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT05NzEwMDMzNgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--2d62ff7f-7957-4204-b9f1-9467965bc2c0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.736Z", "modified": "2020-09-30T16:27:54.736Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--08fb2057-09fa-4a5f-a51a-7abb5e539d8b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.752Z", "modified": "2020-09-30T16:27:54.752Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4Mjc2NTA2MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--bf7a292e-cd1b-4bbd-9096-3723c2a6917d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.767Z", "modified": "2020-09-30T16:27:54.767Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTMuNzMwNzA5NDU4NTk2MzIyRS00Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--f2ecabd7-2160-4800-ab7d-e2a5f1516775", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.783Z", "modified": "2020-09-30T16:27:54.783Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MzUxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--477bcb1b-22f2-460a-874e-5bb94b2e26f7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.798Z", "modified": "2020-09-30T16:27:54.798Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--3409da6c-5213-4aa7-8f82-8101ec4e81e7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.817Z", "modified": "2020-09-30T16:27:54.817Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNDgwNjAwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--40e2301d-e7bc-4590-82fa-aadf20d5f514", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.834Z", "modified": "2020-09-30T16:27:54.834Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--5fb5dd83-b5e2-4668-9363-6f20ab3b0dc7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.850Z", "modified": "2020-09-30T16:27:54.850Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNTgxMjcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--25c13cfa-bb04-4e8b-b26a-8fcb14cc30f2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.866Z", "modified": "2020-09-30T16:27:54.866Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgyMTE3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--52c7b49d-7997-413b-b4ba-b3a005d3be9b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.881Z", "modified": "2020-09-30T16:27:54.881Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--c5767b9c-9bdc-4757-890e-e5ab8bac78c0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.897Z", "modified": "2020-09-30T16:27:54.897Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--9fdf0a48-107a-4559-b242-45e3462eaebc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.912Z", "modified": "2020-09-30T16:27:54.912Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--b054fc1b-6cfa-4f5c-a1bc-319b4536ac1c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.928Z", "modified": "2020-09-30T16:27:54.928Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--8d0fd042-a81f-4bba-8a83-01cc032854f1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.943Z", "modified": "2020-09-30T16:27:54.943Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTg0NzMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--eebc8882-05de-4761-a857-28b743510b81", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.959Z", "modified": "2020-09-30T16:27:54.959Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjkwOTE5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--65ef8ed9-b5df-4fa9-9ab0-278914a8714b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.975Z", "modified": "2020-09-30T16:27:54.975Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODgyNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--d75c4f72-b15f-4eae-8f1d-a3581d4c84bd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:54.997Z", "modified": "2020-09-30T16:27:54.997Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--6730b429-b75e-4a4a-8a6b-d8bf319235c9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.014Z", "modified": "2020-09-30T16:27:55.014Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXRpbGl6YXRpb25EZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEJVmFsdWU9MS4wNgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--8e4af4e8-760d-4fe6-a2c1-3c5ee0087d2e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.031Z", "modified": "2020-09-30T16:27:55.031Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xODg1OTYyMjQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--e1c43603-7279-48ce-95ee-5c2668accc95", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.048Z", "modified": "2020-09-30T16:27:55.048Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTA1MTQ3Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--086fe1b2-a6ce-4059-8b0b-37e08ba06e9f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.065Z", "modified": "2020-09-30T16:27:55.065Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXRpbGl6YXRpb25EZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEyCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--c684e712-dac3-4eb5-ba81-bc515bf28f6b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.082Z", "modified": "2020-09-30T16:27:55.082Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXRpbGl6YXRpb25EZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGExCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--c4dba46b-0556-48ce-846f-9fa1b04a7f5b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.097Z", "modified": "2020-09-30T16:27:55.097Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--7c50580f-4800-4bf1-8818-c744a8b23904", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.113Z", "modified": "2020-09-30T16:27:55.113Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vZGV2CVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--1e6e9329-aec4-4132-8e5f-8787cd9987f7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.130Z", "modified": "2020-09-30T16:27:55.130Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vc3lzL2ZzL2Nncm91cAlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--aa620b69-394b-4a6d-b212-a838a610e8c9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.146Z", "modified": "2020-09-30T16:27:55.146Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vZGV2L3NobQlWYWx1ZT0wLjAxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--e5f70f51-6a6d-4eff-95e8-929ac5cd2eb7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.162Z", "modified": "2020-09-30T16:27:55.162Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vcnVuL3VzZXIvMAlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--702636f7-a4d4-4b27-93b0-09a9e1943423", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.177Z", "modified": "2020-09-30T16:27:55.177Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vCVZhbHVlPTAuMzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--8fd3e39e-d244-4d51-a95f-1118cb424e75", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.194Z", "modified": "2020-09-30T16:27:55.194Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vcnVuCVZhbHVlPTAuMTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--7008396c-2288-4a9e-804a-d4d0eeb8a7b7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.210Z", "modified": "2020-09-30T16:27:55.210Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkQXZnMTUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Ni4yCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--a11dd6bd-7a5e-466c-91db-b29b15d47875", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.225Z", "modified": "2020-09-30T16:27:55.225Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Jb1dhaXQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--a063a962-0052-4e0b-a6f5-e68f4d91fbd1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.241Z", "modified": "2020-09-30T16:27:55.241Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1QaHlzaWNhbE1lbW9yeUZyZWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NDk4NzQ4LjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--04ecad01-5d6a-439d-8081-093f24865664", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.257Z", "modified": "2020-09-30T16:27:55.257Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vYm9vdAlWYWx1ZT0wLjE3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--70212131-7fc9-4156-aa93-c5dbc024d4be", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.272Z", "modified": "2020-09-30T16:27:55.272Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L2Jvb3QJVmFsdWU9MTc4MTA2MzY4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--7ed4324a-b725-4ba7-bce8-e6169494504c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.290Z", "modified": "2020-09-30T16:27:55.290Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L3J1bi91c2VyLzAJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--b22d854a-3f1d-4b36-a9f9-2d1acee31fda", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.305Z", "modified": "2020-09-30T16:27:55.305Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L3J1bglWYWx1ZT04NTY3NjQ0MTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--c2ae224f-3e95-4ebd-a773-13ea8c22a078", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.321Z", "modified": "2020-09-30T16:27:55.321Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L3N5cy9mcy9jZ3JvdXAJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--a7ebf3da-675b-4bb1-87bc-387bd3118052", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.337Z", "modified": "2020-09-30T16:27:55.337Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L2Rldi9zaG0JVmFsdWU9MjA0ODAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--ec1aeb6b-2f5d-4f22-849e-77c203281d7d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.352Z", "modified": "2020-09-30T16:27:55.352Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTcyLjEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--52650153-061b-40d7-b276-d6c1a3dcf331", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.368Z", "modified": "2020-09-30T16:27:55.368Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9LwlWYWx1ZT05MDY1NjI2NDE5Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--175e9f5b-88c3-4d51-8543-b27083af3b5e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.383Z", "modified": "2020-09-30T16:27:55.383Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkQXZnMQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xLjk2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--d3f4186b-6497-4790-9340-7d0da888e1be", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.399Z", "modified": "2020-09-30T16:27:55.399Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkQXZnNQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03LjA4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--ea3e8650-8c3b-40f4-89c0-802e9a48dedc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.414Z", "modified": "2020-09-30T16:27:55.414Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODMxMDA0NjkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--ddf025c8-7cd5-49b1-bb39-7b2da08c3e58", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.430Z", "modified": "2020-09-30T16:27:55.430Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMDY2MTIzNzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--ba8558b1-ce28-4280-a298-5332be4bdcae", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.448Z", "modified": "2020-09-30T16:27:55.448Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--b16678f6-53cd-4c18-beb3-13aff9f1aa1d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.463Z", "modified": "2020-09-30T16:27:55.463Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMDcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--0a89f55d-2bd3-4f7a-9f6f-24fc583c77b2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.479Z", "modified": "2020-09-30T16:27:55.479Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OaWNlQ3B1CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--2cdcba23-8ad3-41a5-907d-abb413df33ce", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.495Z", "modified": "2020-09-30T16:27:55.495Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L2RldglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--7fc6eafd-fdbe-43ee-aa4f-2ce5c9d74ccf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.510Z", "modified": "2020-09-30T16:27:55.510Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzEwMDQ2Mwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--26edf8f1-d051-4ad2-bc8e-758c2438160d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.526Z", "modified": "2020-09-30T16:27:55.526Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDA2ODYwMjc5NTMzODA2MTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--0c7403b4-06b4-4d16-b467-ab06c05ad31c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.542Z", "modified": "2020-09-30T16:27:55.542Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrVHJhbnNtaXR0ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWxvCVZhbHVlPTQ1Ni41OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--c342aca4-4490-4eb9-953a-047ed53443d7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.559Z", "modified": "2020-09-30T16:27:55.559Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrVHJhbnNtaXR0ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWV0aDEJVmFsdWU9MC40MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--bdb4103c-694e-4493-8324-7b8f2024b293", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.576Z", "modified": "2020-09-30T16:27:55.576Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrVHJhbnNtaXR0ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWV0aDAJVmFsdWU9MC4wNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--4259aab7-4c65-4d22-a7b6-62435bc956fb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.594Z", "modified": "2020-09-30T16:27:55.594Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUnBzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhCVZhbHVlPTEuMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--1353f3d9-4b61-40f1-9f35-c901d8b27851", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.610Z", "modified": "2020-09-30T16:27:55.610Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUnBzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMglWYWx1ZT0xLjIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--2bdc9cf4-e023-4244-91dc-9bbde2952d15", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.626Z", "modified": "2020-09-30T16:27:55.626Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc0NvcmVDUFUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--cbb1f00a-759d-491d-bd85-f27f77a703d9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.642Z", "modified": "2020-09-30T16:27:55.642Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UY3BDbG9zZVdhaXRDb25uZWN0aW9ucwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PW5ldHN0YXQJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--725229ea-d723-4616-a2e4-8be1f54d1c69", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.658Z", "modified": "2020-09-30T16:27:55.658Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUnBzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMQlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--cb51ce89-b004-4112-8a8a-d7f55f415d9a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.673Z", "modified": "2020-09-30T16:27:55.673Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT05ODAyODM3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--34a4bdf5-d098-4bd4-98ea-4afd3f03978f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.689Z", "modified": "2020-09-30T16:27:55.689Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9kZXYJVmFsdWU9ODMxNjA1OTY0OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--c6ad4327-1a0a-41ae-9743-33355f27015f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.704Z", "modified": "2020-09-30T16:27:55.704Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9ib290CVZhbHVlPTEwNjMyNTYwNjQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--0ddb24a7-124b-448d-a665-f5c86c79b571", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.719Z", "modified": "2020-09-30T16:27:55.719Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjI0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--7faaa7c0-b43d-41a8-ba19-adfa294c59b7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.737Z", "modified": "2020-09-30T16:27:55.737Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9ydW4vdXNlci8wCVZhbHVlPTE2NjU2MTc5MjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--c9f50ebe-32ad-457c-99a1-5c3c96509db8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.753Z", "modified": "2020-09-30T16:27:55.753Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9zeXMvZnMvY2dyb3VwCVZhbHVlPTgzMjgwNzczMTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--9c0440a9-a319-4420-8e53-e9c9d1266a48", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.769Z", "modified": "2020-09-30T16:27:55.769Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9ydW4JVmFsdWU9ODMyODA3NzMxMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--8c607d1e-cf84-40fb-a41b-16f67f4b63bc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.784Z", "modified": "2020-09-30T16:27:55.784Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9kZXYvc2htCVZhbHVlPTgzMjgwNzczMTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--e67363b1-234f-4b56-b229-7f9ad6e21ccf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.800Z", "modified": "2020-09-30T16:27:55.800Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUXVldWVTaXplCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--ae0c0833-43e0-48b2-893c-8cca4582b31d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.815Z", "modified": "2020-09-30T16:27:55.815Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUXVldWVTaXplCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMQlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--16403ff6-d8a3-4c9f-86c3-27fda2688813", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.830Z", "modified": "2020-09-30T16:27:55.830Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUXVldWVTaXplCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhCVZhbHVlPTAuMDQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--fb28827b-130f-4a19-ab0c-54881e7301d1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.847Z", "modified": "2020-09-30T16:27:55.847Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1QaHlzaWNhbE1lbW9yeVVzZWQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MS41NzY3MDI4RTcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--a9514337-f50d-4cdf-9294-0cf0d47b388c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.863Z", "modified": "2020-09-30T16:27:55.863Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1F2bVJlYWRJTwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--2eb7c27f-58b6-456b-a7d1-f6a82a3d6df1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.878Z", "modified": "2020-09-30T16:27:55.878Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXNDcHUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NC42NAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--44f80cc2-d911-463b-a410-5453e91f0544", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.896Z", "modified": "2020-09-30T16:27:55.896Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yOQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--10f47703-40a2-4688-ae40-12daae7c7596", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.912Z", "modified": "2020-09-30T16:27:55.912Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1F2bVdyaXRlSU8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--80ff3136-ebdf-475b-a65a-4ca389c07a73", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.928Z", "modified": "2020-09-30T16:27:55.928Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1CdWZmZXJlZE1lbW9yeQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--3974cc04-e9dc-4b06-bff3-460158788d81", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.944Z", "modified": "2020-09-30T16:27:55.944Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1LZXJuZWxPT01Db3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--87b915b8-a4c3-434e-a352-e49a1930e428", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.959Z", "modified": "2020-09-30T16:27:55.959Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3JpdGVzRGV2aWNlCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--3437923e-bdb3-4be8-85e0-1c7598fb27ae", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.975Z", "modified": "2020-09-30T16:27:55.975Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS8JVmFsdWU9MjU4NjQ1NDI2MTc2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--dc04a75e-12ce-4f75-a9d2-4973d7988901", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:55.990Z", "modified": "2020-09-30T16:27:55.990Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3JpdGVzRGV2aWNlCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMQlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--52a8bcec-4acc-4838-becd-45ec90133504", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.006Z", "modified": "2020-09-30T16:27:56.006Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3JpdGVzRGV2aWNlCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhCVZhbHVlPTc3OC4yCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--fa28f423-a3bc-4556-bfbc-8a1e3b0d9e70", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.021Z", "modified": "2020-09-30T16:27:56.021Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VZHBDb25uZWN0aW9ucwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PW5ldHN0YXQJVmFsdWU9NTUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--33c5b58f-8c18-4c47-9aa9-685af1d228db", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.036Z", "modified": "2020-09-30T16:27:56.036Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--4a9756e2-9ea3-4f59-9e1d-e2040cca3f4d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.053Z", "modified": "2020-09-30T16:27:56.053Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1FyYWRhcldyaXRlSU8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--b122cb07-f738-4642-bcf2-bfc1b7d67db3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.069Z", "modified": "2020-09-30T16:27:56.069Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjQwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--eabaec47-bca3-4500-ab5a-8b683bba1e1f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.084Z", "modified": "2020-09-30T16:27:56.084Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1Td2FwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00MTk5MTY0LjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--7a5aa565-ece0-48e5-8513-822934e7adb7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.101Z", "modified": "2020-09-30T16:27:56.101Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--c8fc790e-3950-48cf-9de9-3c6ff967262e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.116Z", "modified": "2020-09-30T16:27:56.116Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1FyYWRhckNQVQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--dc8c18ec-e544-479e-af48-d912fea38056", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.132Z", "modified": "2020-09-30T16:27:56.132Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Vc2VyQ3B1CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTguODIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--d2c9cdd0-3023-49d5-a573-2a45ab33ad36", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.149Z", "modified": "2020-09-30T16:27:56.149Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrQVRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEJVmFsdWU9Mi4zMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--3b7ba1c5-f37b-4877-9ae0-1e81e3da4596", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.165Z", "modified": "2020-09-30T16:27:56.165Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrQVRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGExCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--dab9ad57-1797-4698-8beb-47c06100c3ff", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.182Z", "modified": "2020-09-30T16:27:56.182Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1F2bUNQVQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--34dbd330-3785-41b8-8979-ccabb6c53fa8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.201Z", "modified": "2020-09-30T16:27:56.201Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2FnZU1vdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dG1wZnMJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--92984bb1-a9c3-4f92-a64b-5e688d90cba9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.218Z", "modified": "2020-09-30T16:27:56.218Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrQVRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEyCVZhbHVlPTIuNDUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--029740fc-fdad-4510-b6c6-2f1b29418ba2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.235Z", "modified": "2020-09-30T16:27:56.235Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEzMzk0MTU1Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--e48a1738-4c03-45c5-b588-7cba24a8e930", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.252Z", "modified": "2020-09-30T16:27:56.252Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1SdW5RdWV1ZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT05LjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--33af3364-55f9-4b91-8254-30f5bb6d716a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.268Z", "modified": "2020-09-30T16:27:56.268Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2FnZU1vdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9eGZzCVZhbHVlPTAuMzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--dd47087e-1f27-4618-aa2c-582ca64c1ec7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.284Z", "modified": "2020-09-30T16:27:56.284Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1DYWNoZWRNZW1vcnlVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQwMzg2MDQuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--0e506132-1bba-4765-a5b2-338c8c935430", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.300Z", "modified": "2020-09-30T16:27:56.300Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2FnZU1vdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9ZGV2dG1wZnMJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--353cb694-2a7f-4e07-b0fa-4d42d2add95e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.316Z", "modified": "2020-09-30T16:27:56.316Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--240e4785-8515-41da-9539-838a2be54fa2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.331Z", "modified": "2020-09-30T16:27:56.331Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVhZHNEZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEJVmFsdWU9OS42Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--9d3e86cb-7aa6-4cca-882a-4e5d76f0659a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.349Z", "modified": "2020-09-30T16:27:56.349Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OdW1DcHUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9OC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--3f6e0bf2-b547-495e-98b5-fc11f157fd1f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.366Z", "modified": "2020-09-30T16:27:56.366Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1FyYWRhclJlYWRJTwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--151a3efe-f817-4dfd-840e-7c9c455760c9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.382Z", "modified": "2020-09-30T16:27:56.382Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yODE2NzEwMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--e4d33f4f-f72a-4a0b-9972-68d6fb9ceabc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.398Z", "modified": "2020-09-30T16:27:56.398Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVhZHNEZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGExCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--f7128025-4b1d-4949-8f3a-1741ab2df627", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.414Z", "modified": "2020-09-30T16:27:56.414Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVxdWVzdFNpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEyCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--e0232c71-6d8c-4141-b5ae-8adf80fe3c09", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.430Z", "modified": "2020-09-30T16:27:56.430Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVxdWVzdFNpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEJVmFsdWU9NDIuMzUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--f6443c60-90bf-4a82-b201-b66b6af80ea7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.447Z", "modified": "2020-09-30T16:27:56.447Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UQ1BFc3RhYmxpc2hlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PW5ldHN0YXQJVmFsdWU9NjU3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--cc82054c-755b-44a5-9856-9e1d8360b2b5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.463Z", "modified": "2020-09-30T16:27:56.463Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVhZHNEZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEyCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--768732be-a18f-4a28-9bbe-27e01ef3cc2e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.479Z", "modified": "2020-09-30T16:27:56.479Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MaXN0ZW5Db25uZWN0aW9ucwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PW5ldHN0YXQJVmFsdWU9NTkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--49bf176e-f63e-4ab1-8035-81364f3ca77a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.495Z", "modified": "2020-09-30T16:27:56.495Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--09c4cba7-e720-44f9-8646-b8e0172f4799", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.512Z", "modified": "2020-09-30T16:27:56.512Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1Td2FwVXRpbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMi40Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--a5ea2043-0910-4443-bb34-12a0833dfcc1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.528Z", "modified": "2020-09-30T16:27:56.528Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.510Z", "last_observed": "2020-09-30T16:25:05.510Z", "number_observed": 1 }, { "id": "observed-data--7ab0d1c1-926b-4e4e-902a-e228bca922d0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.544Z", "modified": "2020-09-30T16:27:56.544Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVxdWVzdFNpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGExCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--4f6cf2b2-a140-4fbf-b5ce-e3f74f1f9fd7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.559Z", "modified": "2020-09-30T16:27:56.559Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3BzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhCVZhbHVlPTE3LjQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--fc0b54e5-40c7-4461-8ba4-596600a94cc9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.576Z", "modified": "2020-09-30T16:27:56.576Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEzMzk0MTU1Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--0c8b3db0-03f2-405b-aa75-f39e8fe4431d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.593Z", "modified": "2020-09-30T16:27:56.593Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1DUFUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NC42NAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--e3affc4f-91d0-4049-bf26-750e8b7e0923", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.610Z", "modified": "2020-09-30T16:27:56.610Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--232791d9-af22-4c41-8eca-bfdb7c9d0719", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.627Z", "modified": "2020-09-30T16:27:56.627Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3BzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMglWYWx1ZT0xNi40Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--17a57ef0-9872-4e48-bec3-093359768e99", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.643Z", "modified": "2020-09-30T16:27:56.643Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--2915e263-e7ff-424b-84a1-72411679fca3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.662Z", "modified": "2020-09-30T16:27:56.662Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwODE5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--526372db-6bf4-4240-b5fd-a81cc5a243db", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.680Z", "modified": "2020-09-30T16:27:56.680Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3BzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMQlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--e35f29d0-cb3e-4835-93a5-bf64e9655776", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.696Z", "modified": "2020-09-30T16:27:56.696Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc0NvcmVXcml0ZUlPCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--5caea815-a353-4c83-baa2-824ac6e528f8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.712Z", "modified": "2020-09-30T16:27:56.712Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UY3BUaW1lV2FpdENvbm5lY3Rpb25zCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI1OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9bmV0c3RhdAlWYWx1ZT0xNTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--ff3dfdac-09de-4c89-ad93-3654aaf160ee", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.727Z", "modified": "2020-09-30T16:27:56.727Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjU6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTEwNDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--f79fcf0b-0ebb-430d-84a9-8a56b793729c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.744Z", "modified": "2020-09-30T16:27:56.744Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrUmVjZWl2ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWxvCVZhbHVlPTQ1Ni41OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--cb0a3b3d-dbfe-48cf-a146-69312adec114", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.759Z", "modified": "2020-09-30T16:27:56.759Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI1OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrUmVjZWl2ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNTowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWV0aDEJVmFsdWU9NC40MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:05.521Z", "last_observed": "2020-09-30T16:25:05.521Z", "number_observed": 1 }, { "id": "observed-data--2815725d-44de-4e69-8dc2-c7281ce3c3f7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.775Z", "modified": "2020-09-30T16:27:56.775Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzEwMF0gVG90YWwgUGFja2V0U291cmNlIE5JQzogZXRoMSBUb3RhbCBQYWNrZXRzIHJlY2VpdmVkOiAyODMxIFRvdGFsIFBhY2tldHMgRHJvcHBlZDogMCBUb3RhbCBQYWNrZXQgUmF0ZTogNDcvc2VjIFRvdGFsIFByb2Nlc3NlZCBQYWNrZXQgUmF0ZTogNDcvc2VjCg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.147Z", "last_observed": "2020-09-30T16:26:00.147Z", "number_observed": 1 }, { "id": "observed-data--c5162105-8c4a-451c-acb6-d66db40980de", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.790Z", "modified": "2020-09-30T16:27:56.790Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzEwMF0gU3RhdHMgZm9yIFBhY2tldFNvdXJjZSBOSUM6IGV0aDEgUGFja2V0c0BUaHJlYWQgSW5kZXg6IDAgUGFja2V0cyBSZWNlaXZlZDogMjgzMSBQYWNrZXRzIERyb3BwZWQ6IDAgUGFja2V0IFJhdGU6IDQ3L3NlYyBQcm9jZXNzZWQgUGFja2V0IFJhdGU6IDQ3L3NlYyBQY2FwQ2FsbEJhY2sgUGFja2V0czogODM4MzQyMjAK" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.147Z", "last_observed": "2020-09-30T16:26:00.147Z", "number_observed": 1 }, { "id": "observed-data--aec4162d-05cd-41d1-a4a8-ca1223a66adb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.806Z", "modified": "2020-09-30T16:27:56.806Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzEwMF0gSVBGSVggRmxvdyBTb3VyY2UgU3RhdHMgZm9yIGRlZmF1bHRfTmV0ZmxvdzogIHJlY2VpdmVkIGFuZCBwcm9jZXNzZWQgMCBwYWNrZXRzLgo=" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.147Z", "last_observed": "2020-09-30T16:26:00.147Z", "number_observed": 1 }, { "id": "observed-data--2c94c080-7743-493f-acff-f87448c5c856", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.823Z", "modified": "2020-09-30T16:27:56.823Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzEwMF0gU3RhdHMgZm9yIFBhY2tldFNvdXJjZSBOSUM6IGV0aDAgUGFja2V0c0BUaHJlYWQgSW5kZXg6IDAgUGFja2V0cyBSZWNlaXZlZDogNjc4NyBQYWNrZXRzIERyb3BwZWQ6IDAgUGFja2V0IFJhdGU6IDExMy9zZWMgUHJvY2Vzc2VkIFBhY2tldCBSYXRlOiAxMTMvc2VjIFBjYXBDYWxsQmFjayBQYWNrZXRzOiAxNTk1Njc5ODIK" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.147Z", "last_observed": "2020-09-30T16:26:00.147Z", "number_observed": 1 }, { "id": "observed-data--521d0baa-8bf8-448a-b9ad-299d98c50570", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.842Z", "modified": "2020-09-30T16:27:56.842Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzEwMF0gU2VudCAzNDggZmxvd3Mgb24gdHJhbnNwb3J0IGNvbm5lY3Rpb24gdG8gOS4yOC4yMzQuMTY5OjMyMDEwCg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.147Z", "last_observed": "2020-09-30T16:26:00.147Z", "number_observed": 1 }, { "id": "observed-data--af4c77e6-5c70-4e9e-a4c7-d4552d26c4c6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.860Z", "modified": "2020-09-30T16:27:56.860Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzE2MF0gQ3VycmVudCBpbnRlcnZhbCBzdGFydGluZyBpbnB1dCBmbG93IGNvdW50OiAyMzM3Cg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.147Z", "last_observed": "2020-09-30T16:26:00.147Z", "number_observed": 1 }, { "id": "observed-data--b8a3a471-dfe3-4e35-9853-1dc6f9cd30a3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.878Z", "modified": "2020-09-30T16:27:56.878Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzEwMF0gVG90YWwgUGFja2V0U291cmNlIE5JQzogZXRoMCBUb3RhbCBQYWNrZXRzIHJlY2VpdmVkOiA2Nzg3IFRvdGFsIFBhY2tldHMgRHJvcHBlZDogMCBUb3RhbCBQYWNrZXQgUmF0ZTogMTEzL3NlYyBUb3RhbCBQcm9jZXNzZWQgUGFja2V0IFJhdGU6IDExMy9zZWMK" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.147Z", "last_observed": "2020-09-30T16:26:00.147Z", "number_observed": 1 }, { "id": "observed-data--02cd57bc-2b67-430a-8e7e-d1b628875d04", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.895Z", "modified": "2020-09-30T16:27:56.895Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzEwMF0gRmxvd3MgaGVsZCBvdmVyIGZvciB0aGUgbmV4dCByZXBvcnRpbmcgaW50ZXJ2YWw6IDIzCg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.147Z", "last_observed": "2020-09-30T16:26:00.147Z", "number_observed": 1 }, { "id": "observed-data--88443e83-efb8-4e3e-99f8-9eb00bfd160f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.912Z", "modified": "2020-09-30T16:27:56.912Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzE2MF0gQnl0ZSBjb3VudDogOTU4OTM5Cg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.147Z", "last_observed": "2020-09-30T16:26:00.147Z", "number_observed": 1 }, { "id": "observed-data--89671df7-54b0-4037-a14c-62c0e7d0bc88", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.928Z", "modified": "2020-09-30T16:27:56.928Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzE2MF0gVG90YWwgbnVtYmVyIG9mIGFnZ3JlZ2F0YWJsZSBmbG93cyByZWNlaXZlZCBmcm9tIGFsbCBmbG93IHNvdXJjZXM6IDk2MTQK" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.147Z", "last_observed": "2020-09-30T16:26:00.147Z", "number_observed": 1 }, { "id": "observed-data--fe86a2c0-4e0d-43e1-bb96-dc6b6fd78521", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.944Z", "modified": "2020-09-30T16:27:56.945Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzE2MF0gTnVtYmVyIG9mIGZsb3dzIHRoYXQgc2hvdWxkIGJlIHJlcG9ydGVkIGluIHRoZSBpbnRlcnZhbDogMjM1Mgo=" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.147Z", "last_observed": "2020-09-30T16:26:00.147Z", "number_observed": 1 }, { "id": "observed-data--56e4612a-f794-407e-b65e-a6bb8d7303fb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.960Z", "modified": "2020-09-30T16:27:56.960Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzE2MF0gUGFja2V0IGNvdW50OiA5NjE0Cg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.147Z", "last_observed": "2020-09-30T16:26:00.147Z", "number_observed": 1 }, { "id": "observed-data--b47443f7-8619-49ba-bd5f-4d1612de9d12", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.975Z", "modified": "2020-09-30T16:27:56.975Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzE2MF0gT3ZlcmZsb3cgY291bnQ6IDAgKENvbXByZXNzZWQ6IDApCg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.147Z", "last_observed": "2020-09-30T16:26:00.147Z", "number_observed": 1 }, { "id": "observed-data--8e7f017f-ca0d-40a2-991c-6e6afb8799f2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:56.995Z", "modified": "2020-09-30T16:27:56.995Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzE2MF0gTmV3IGlucHV0IGludGVydmFsIHN0YXJ0ZWQK" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.147Z", "last_observed": "2020-09-30T16:26:00.147Z", "number_observed": 1 }, { "id": "observed-data--58670b29-7fdc-4cdf-9864-00b723fd6133", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.013Z", "modified": "2020-09-30T16:27:57.013Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzE2MF0gVG90YWwgbnVtYmVyIG9mIG5vbi1hZ2dyZWdhdGFibGUgZmxvd3MgcmVjZWl2ZWQgZnJvbSBhbGwgZmxvdyBzb3VyY2VzOiAwCg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.147Z", "last_observed": "2020-09-30T16:26:00.147Z", "number_observed": 1 }, { "id": "observed-data--6376d05a-754f-4524-9a93-2956e4020f68", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.029Z", "modified": "2020-09-30T16:27:57.029Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSBub3RpZmljYXRpb25fbG9nX2NsYXNzaWZpZXIucGwgWzI5MjY1XSBxZmxvdzogW0lORk9dIFtOT1Q6MDAwMDAwNjAwMF1bOS4yOC4yMzQuMTY5Ly0gLV0gWy0vLSAtXSBbMTYwMTQ4MzE2MF0gU3VwZXJmbG93IGNvdW50OiAxMiAoQ29tcHJlc3NlZDogMTk4MykK" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.147Z", "last_observed": "2020-09-30T16:26:00.147Z", "number_observed": 1 }, { "id": "observed-data--f9f23d0e-3727-4828-8461-d01010409f1c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.045Z", "modified": "2020-09-30T16:27:57.045Z", "objects": { "0": { "type": "ipv4-addr", "value": "192.168.11.66", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "TEVFRjoxLjB8Qml0OXxQYXJpdHl8MTkyLjE2OC4wLjF8TmV3X2ZpbGVfb25fbmV0d29ya3xjYXQ9RGlzY292ZXJ5CXNldj00CWRldlRpbWU9SnVuIDE0IDIwMTAgMTA6MjU6MzUuMDAwIFVUQwltc2c9U2VydmVyIGRpc2NvdmVyZWQgbmV3IGZpbGUgJ2M6XFByb2dyYW0gRmlsZXNcUVJhZGFyXGZpbGUxLmV4dCcgCWV4dGVybmFsSWQ9MTIJc3JjPTE5Mi4xNjguMTEuNjYJc3JjSG9zdE5hbWU9Q0xJTwlzcmNQcm9jZXNzPWM6XFByb2dyYW0gRmlsZXNcUVJhZGFyX3YxXEFkbWluaXN0cmF0b3IJZmlsZVBhdGg9YzpcUHJvZ3JhbSBGaWxlc1xRUmFkYXJcZmlsZTEuZXh0CWZpbGVOYW1lPXVhdF9maWxlLmV4ZQlmaWxlSGFzaD1iMGFiNzA3NmIwZmU0Yjc1OGQ4ZTY2MjI2MDVkOTQyMDRjYzFiNTViYWY3MTgxMjljYWZlNzUwZDgzNWZmYjIxCWZpbGVJZD00Mglwb2xpY3k9RGVmYXVsdCBQb2xpY3kJZHN0SG9zdD1tZWdhbmUK" }, "6": { "type": "file", "name": "uat_file.exe", "hashes": { "SHA-256": "b0ab7076b0fe4b758d8e6622605d94204cc1b55baf718129cafe750d835ffb21" } }, "7": { "type": "directory", "path": "c:\\Program Files\\QRadar" } }, "x_ibm_ariel": { "event_name": "New File On Network", "qid": 59500044, "category_name": "Alert", "category_id": 8060, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 73, "device_type": 230, "log_source_type_name": "Bit9 Security Platform", "log_source_name": "Bit9 Security Platform @ 127.0.0.1", "direction": "L2R", "identity_ip": "0.0.0.0", "magnitude": 5, "severity": 4, "credibility": 5, "relevance": 6, "geographic": "other", "cre_event_list": [ "100090", "100205", "100211", "100555", "100249", "100246", "100200" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks", "Context is Local to Remote" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:50.710Z", "last_observed": "2020-09-30T16:26:50.710Z", "number_observed": 1 }, { "id": "observed-data--cb14740f-c818-41a5-b8c0-cd32885a274d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.065Z", "modified": "2020-09-30T16:27:57.065Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BdmVyYWdlUmVjb3JkU2l6ZUV2ZW50cwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWVjcy1lcC5lY3MtZXAyCVZhbHVlPTIzNy4zOTc3NTk1MzEyOTE3Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--b679fbe9-9ab0-49d2-874d-85373973a326", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.081Z", "modified": "2020-09-30T16:27:57.081Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTI5MDkxMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--91c02b5e-4b2d-467b-8b34-9c01c2c6b628", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.097Z", "modified": "2020-09-30T16:27:57.097Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BdmVyYWdlUmVjb3JkU2l6ZUZsb3dzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9ZWNzLWVwLmVjcy1lcDEJVmFsdWU9MzA3LjQwODMyNDM1NDMyOTQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--dcb207f9-98dd-49dd-855d-7c81bb3b3015", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.113Z", "modified": "2020-09-30T16:27:57.113Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BdmVyYWdlUGF5bG9hZFNpemVFdmVudHMJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1lY3MtZXAuZWNzLWVwMglWYWx1ZT00MTAuMzg2MzEyNTA2MTMyOQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--f0cd436e-2979-4c97-be1a-ee9a7e4c2198", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.132Z", "modified": "2020-09-30T16:27:57.132Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BdmVyYWdlUGF5bG9hZFNpemVGbG93cwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWVjcy1lcC5lY3MtZXAxCVZhbHVlPTg0LjAxMDY2OTA0NzMwOTExCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--5eb9a410-160c-4c55-8593-329da2026804", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.149Z", "modified": "2020-09-30T16:27:57.149Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PUNwdVV0aWwJVmFsdWU9MC4xODU3NTU3NAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--6045c659-125e-468f-8538-0611474c9244", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.166Z", "modified": "2020-09-30T16:27:57.166Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PU5ld1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--769bed17-c405-400c-9b58-efd42ac80e22", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.183Z", "modified": "2020-09-30T16:27:57.183Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVRpbWVkV2FpdFJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--9cd58f82-9bc3-40ab-a72d-5c75e4b22170", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.198Z", "modified": "2020-09-30T16:27:57.198Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVJ1bm5hYmxlUmF0aW8JVmFsdWU9MTAwLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--5ccab3f3-be17-4e91-afd0-372138cd70c8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.214Z", "modified": "2020-09-30T16:27:57.214Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PUJsb2NrZWRSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--2494e69d-856e-4990-bd36-a6f867812b01", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.229Z", "modified": "2020-09-30T16:27:57.229Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--3932367f-7618-4e62-9088-777658633df5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.246Z", "modified": "2020-09-30T16:27:57.246Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjU5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--54a48e7e-d78d-4243-b947-6cc3df81d408", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.264Z", "modified": "2020-09-30T16:27:57.264Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVRlcm1pbmF0aW5nUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--1e135c16-a431-46f4-bf27-e92c3d1a21be", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.281Z", "modified": "2020-09-30T16:27:57.281Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DdXJyZW50SG9zdHNUcmFja2luZ0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--bb8a02f9-a584-4ab5-8432-ac68e21b56de", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.300Z", "modified": "2020-09-30T16:27:57.300Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--9ae23e07-3045-402e-8387-c227fcc9fa78", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.316Z", "modified": "2020-09-30T16:27:57.316Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVRdWV1ZVNpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--a60cba9f-dc86-4922-b8f7-f3562e009f83", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.333Z", "modified": "2020-09-30T16:27:57.333Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVdhaXRpbmdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--14ea1036-e32d-4b61-ae19-33bad57fcc4c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.349Z", "modified": "2020-09-30T16:27:57.349Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFJhdGVFUE1vbglEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMjIuNzgzMzMzMzMzMzMzMzMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--b50d4290-509c-4a02-a3bc-68ff748eb2b1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.365Z", "modified": "2020-09-30T16:27:57.365Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1SdW5uYWJsZVJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--bc573cd5-91a7-42fb-be4e-badfb8d4bb60", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.381Z", "modified": "2020-09-30T16:27:57.381Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1DcHVVdGlsCVZhbHVlPTAuMDk5MzYwMDk5OTk5OTk5OTkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--abe08f17-9b38-478b-a0ab-ddd5c694e06c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.398Z", "modified": "2020-09-30T16:27:57.398Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1XYWl0aW5nUmF0aW8JVmFsdWU9MTAwLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--28323f91-c5a1-4888-802c-5cee03b20341", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.416Z", "modified": "2020-09-30T16:27:57.416Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1OZXdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--ba4829ba-5c22-45a3-940a-ae3ee8035d33", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.433Z", "modified": "2020-09-30T16:27:57.433Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1UaW1lZFdhaXRSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--8359d4c4-5cae-435d-a318-90f370cffd0a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.452Z", "modified": "2020-09-30T16:27:57.452Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1CbG9ja2VkUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--efb8a827-ae8f-44ae-8c8c-a4ab933b1bf9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.469Z", "modified": "2020-09-30T16:27:57.469Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--064207ea-4583-4e9f-be8e-1e46ba7bc544", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.485Z", "modified": "2020-09-30T16:27:57.485Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTExODIzNTEzNgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--9580b678-2db1-42cc-b1af-ba871402bb6d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.502Z", "modified": "2020-09-30T16:27:57.502Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzA4NTc3MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--d4a42c04-a6a7-4b78-87b9-489173e63e00", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.517Z", "modified": "2020-09-30T16:27:57.517Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1UZXJtaW5hdGluZ1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--467d8649-cd42-40dd-9e05-fb7b34f9a8e2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.533Z", "modified": "2020-09-30T16:27:57.533Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODMwODU3ODYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--974bff86-36d1-4521-a38b-33d46e032edc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.549Z", "modified": "2020-09-30T16:27:57.549Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02ODgwODAwMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--27b0c316-023a-4fea-93e4-887a23c676f3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.564Z", "modified": "2020-09-30T16:27:57.564Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMDgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--3a9063d2-87dd-414a-8675-9537884a98c7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.580Z", "modified": "2020-09-30T16:27:57.580Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zMjc0NjkwMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--caad7168-11c6-45d3-9d47-bfbc86e007a2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.595Z", "modified": "2020-09-30T16:27:57.595Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--2af9b087-1644-4fe9-90ca-adbd1a6dccf2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.613Z", "modified": "2020-09-30T16:27:57.613Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTc2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--36e2e1db-f013-4341-bb9f-1cd113a0c688", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.628Z", "modified": "2020-09-30T16:27:57.628Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTcwODUyNTk5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--d7541a4d-c6d1-4239-a6ff-6404f5da53e8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.644Z", "modified": "2020-09-30T16:27:57.644Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--e4c762b4-f4ed-4a91-ac59-a700881cfc49", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.661Z", "modified": "2020-09-30T16:27:57.661Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDA4MTY3ODYwNjA3MTkyNzkzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--6a74198f-aaa0-4766-abe2-28768e6e3f27", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.676Z", "modified": "2020-09-30T16:27:57.676Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXdBbmRVcGRhdGVkSG9zdHNDb3VudEN1cnJlbnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--251863a4-f780-4937-8818-245421ab12dc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.692Z", "modified": "2020-09-30T16:27:57.692Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTcwODUyNTk5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--116d17c0-3ad7-4791-8e82-1ecdec8ab8ca", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.708Z", "modified": "2020-09-30T16:27:57.708Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00NDE2MjYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--d175e600-36f2-4cdc-89e1-0f3fa1a9042e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.723Z", "modified": "2020-09-30T16:27:57.723Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--a2549413-0983-46f7-babd-f1577245fc0b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.739Z", "modified": "2020-09-30T16:27:57.739Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9UnVubmFibGVSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--aab7fb9e-abc9-4dc7-9006-9571b0320975", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.754Z", "modified": "2020-09-30T16:27:57.754Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9TmV3UmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--92f71fa0-f555-4d49-a588-f272bf874435", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.772Z", "modified": "2020-09-30T16:27:57.772Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9Q3B1VXRpbAlWYWx1ZT0wLjQ5Njg3NDMzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--7fec1983-5d1b-498d-a42d-4a285813f800", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.788Z", "modified": "2020-09-30T16:27:57.788Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9V2FpdGluZ1JhdGlvCVZhbHVlPTEwMC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--d704e4ff-8273-492a-b253-a2720ea07064", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.804Z", "modified": "2020-09-30T16:27:57.804Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGltZWRXYWl0UmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--0db49717-f6a1-4298-8f3a-c90acbc0ed3d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.820Z", "modified": "2020-09-30T16:27:57.820Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGVybWluYXRpbmdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--802ea0a9-04bf-4b8a-ba67-6e670d1bb91d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.836Z", "modified": "2020-09-30T16:27:57.836Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTExODIzNTEzNgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--0dcb92cf-ceea-4971-9493-ec250e8bc6f5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.853Z", "modified": "2020-09-30T16:27:57.853Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zOTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--0c3d7012-d1ec-40d9-ad5e-bd8f2418b2ca", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.868Z", "modified": "2020-09-30T16:27:57.868Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OdW1BcHBzUmVwb3J0ZWRJbkxhc3RSZXBvcnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--fdaa925c-e2ed-4db0-9060-66ad648fe6ab", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.883Z", "modified": "2020-09-30T16:27:57.883Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTIyMTcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--0ad6639c-a7e2-4fbb-b82a-797caff06aa0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.899Z", "modified": "2020-09-30T16:27:57.899Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9QmxvY2tlZFJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--526e48ba-4956-4283-95ee-1278f646611b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.917Z", "modified": "2020-09-30T16:27:57.917Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0UmVwb3J0U3RvcHdhdGNoVHhUaW1lTXMJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--1cffbeac-56d0-43da-bb09-13426f329584", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.935Z", "modified": "2020-09-30T16:27:57.935Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNTUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--ec4ced2c-df53-4ad1-bee6-1568fd68bf5f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.952Z", "modified": "2020-09-30T16:27:57.952Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEyMDQxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--89e0b253-1c0c-4c9e-b304-7c6f167cba9d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.968Z", "modified": "2020-09-30T16:27:57.968Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjkwNzgyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--31940b63-580f-4caa-88fb-bd1b361a2c4e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:57.984Z", "modified": "2020-09-30T16:27:57.984Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0UmVwb3J0aW5nVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyNDIyNDM2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--c8212a1e-82fc-4efb-8864-c84ce05d996c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.001Z", "modified": "2020-09-30T16:27:58.001Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNTA4NDk1MzYwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--7e8946f7-0ac8-46ee-8dfe-21526c748532", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.017Z", "modified": "2020-09-30T16:27:58.017Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjYxMzQwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--0aff5b7b-b300-448f-a8f4-c3271d001364", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.032Z", "modified": "2020-09-30T16:27:58.032Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--4b511668-8003-48cf-961d-ea079056bb7d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.048Z", "modified": "2020-09-30T16:27:58.048Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--b88306fa-4018-44a3-8d69-4d39d517ca68", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.065Z", "modified": "2020-09-30T16:27:58.065Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyTWF4RmlsZUNvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjUwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--89b84145-0ca3-44eb-84c8-29264b0d40ea", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.081Z", "modified": "2020-09-30T16:27:58.081Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyU3BpbGxGaWxlc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--3a121a89-f9b5-4c70-aa86-185369e40d78", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.097Z", "modified": "2020-09-30T16:27:58.097Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--4d1d7939-2c34-444a-bd05-11dcb2a0844e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.113Z", "modified": "2020-09-30T16:27:58.113Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zODIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--43022857-58aa-4301-a132-f1d15c1a413a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.128Z", "modified": "2020-09-30T16:27:58.128Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyRGlza1NpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--96485437-a31b-4ad3-9821-1a77a20de343", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.144Z", "modified": "2020-09-30T16:27:58.144Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTM1OTkwNDQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--749dfd72-16c8-4a5b-9c9f-bde2613b7e22", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.160Z", "modified": "2020-09-30T16:27:58.160Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--d6fa2722-081c-4a49-af60-a4db67750492", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.175Z", "modified": "2020-09-30T16:27:58.175Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTA2OTYyOTQ0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--f8822564-b9d3-43b4-9003-e49f87317b88", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.190Z", "modified": "2020-09-30T16:27:58.190Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1JbmdyZXNzVG9FY0Rpc2tTaXplCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--be8c6473-fe15-4a4f-ac5b-06bce160e95c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.206Z", "modified": "2020-09-30T16:27:58.206Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9TmV3UmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--dd0c104c-2941-4a46-83cb-155a45da5ca9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.223Z", "modified": "2020-09-30T16:27:58.223Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9UnVubmFibGVSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--6ea38d22-a5e7-423a-bb77-fc9ed740e8dd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.240Z", "modified": "2020-09-30T16:27:58.240Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGltZWRXYWl0UmF0aW8JVmFsdWU9MTAwLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--e07a52e3-16c5-431f-8946-11d3c286bd3b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.255Z", "modified": "2020-09-30T16:27:58.255Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGVybWluYXRpbmdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--9b271dc4-aa31-4123-9bbc-7a7c975d2192", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.270Z", "modified": "2020-09-30T16:27:58.270Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9V2FpdGluZ1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--7af20c4c-3bf6-411e-9388-7a775e949c25", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.286Z", "modified": "2020-09-30T16:27:58.286Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwNDI4OTEwNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--42a68439-08d1-48de-81b1-f4a87d4eb64d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.301Z", "modified": "2020-09-30T16:27:58.301Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzExMDU0NAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--0237ba35-380e-478a-84bd-2ddd8e944975", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.317Z", "modified": "2020-09-30T16:27:58.317Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9QmxvY2tlZFJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--f92408d3-d3a1-423a-b1b1-1ff9e6e15928", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.334Z", "modified": "2020-09-30T16:27:58.334Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--a8c1e0ca-9e17-40f5-97ef-5da2adc94459", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.350Z", "modified": "2020-09-30T16:27:58.350Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwNTA5MjAwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--fdf0304c-bd81-4a62-9b41-c605dee090f8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.368Z", "modified": "2020-09-30T16:27:58.368Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgzMTEwNTMzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--83d7ffb5-4c57-44f7-b23f-783d015a39cc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.384Z", "modified": "2020-09-30T16:27:58.384Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--39a052e8-0d5f-47fa-8aba-5be6290deff2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.399Z", "modified": "2020-09-30T16:27:58.399Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--56deccd7-2400-4aa3-a486-065309fc89d0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.415Z", "modified": "2020-09-30T16:27:58.415Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wMDI2MzM3MTU4OTA5MDIyMzIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--b65f9f53-bcbb-4dc4-bde5-69ec6d92ed1c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.430Z", "modified": "2020-09-30T16:27:58.430Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE4ODY3ODYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--2a333883-0369-4a41-8e5f-b14558f488ad", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.446Z", "modified": "2020-09-30T16:27:58.446Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--c7415a0a-979b-4be9-81ea-a484baf53c35", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.463Z", "modified": "2020-09-30T16:27:58.463Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--473ce4fa-54a1-41cd-955d-f2c047438175", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.478Z", "modified": "2020-09-30T16:27:58.478Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTA2OTYyOTQ0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--8e83ab4d-af54-443a-ba9e-54d52538efc8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.493Z", "modified": "2020-09-30T16:27:58.494Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTM1OTkwNDQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--c0e534a9-4f3d-46bd-8d2d-64ba1c9bd021", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.510Z", "modified": "2020-09-30T16:27:58.510Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04Mjg4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--4c4a9fbf-386b-471a-ae90-0727d305543e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.528Z", "modified": "2020-09-30T16:27:58.528Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODIxNgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--67558cdc-f56e-4257-a2f2-14597eeea207", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.544Z", "modified": "2020-09-30T16:27:58.544Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--15bc5a8f-b1dc-4290-ba76-955bfa823d23", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.559Z", "modified": "2020-09-30T16:27:58.559Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODEyNjEyNjYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--268c70ac-fe11-4eeb-9415-308df1836ff3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.576Z", "modified": "2020-09-30T16:27:58.576Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--63ae18b0-4e9c-4b3e-9099-c226e6b9114b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.591Z", "modified": "2020-09-30T16:27:58.591Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQ5NTgyODk5Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--1730c32b-b92c-42e9-9c5f-8f4a2f0154eb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.607Z", "modified": "2020-09-30T16:27:58.607Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjQ1MzA5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--284a055c-2701-416d-ac91-4c38d98bb625", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.622Z", "modified": "2020-09-30T16:27:58.623Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1JbmdyZXNzVG9FY1NwaWxsRmlsZXNDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--65ac8863-ccd7-43f7-84bc-47678fbaa984", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.639Z", "modified": "2020-09-30T16:27:58.639Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--29a401e1-3c47-4006-9a30-9828cfe58e3c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.655Z", "modified": "2020-09-30T16:27:58.655Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--ab806fa2-39ff-43ae-8099-0d2dd60f4e35", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.670Z", "modified": "2020-09-30T16:27:58.670Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--640879ad-48b6-484a-ba37-00966ac01ca0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.689Z", "modified": "2020-09-30T16:27:58.689Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--25c629c2-1663-47d0-9ea8-22d2322a80dd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.706Z", "modified": "2020-09-30T16:27:58.706Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTQwNjA3NDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--8804c100-0d37-461c-b39e-0757446dc54a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.722Z", "modified": "2020-09-30T16:27:58.722Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4Mjg2MDA5MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--cc5eea82-9a84-4967-ab7f-c3d11b7d89f9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.738Z", "modified": "2020-09-30T16:27:58.738Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTExMjc0NTUwNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--966de007-c02d-4892-be40-2237647841db", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.754Z", "modified": "2020-09-30T16:27:58.754Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTc5ODUwNTMxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--4a0dcd79-38cb-453e-9465-fb4056a61e41", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.770Z", "modified": "2020-09-30T16:27:58.770Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyODYwMDY3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--11107d26-86bb-4ad2-9193-14879c00a290", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.785Z", "modified": "2020-09-30T16:27:58.785Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--71ba5119-8a05-4faf-baf9-560c2540738d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.802Z", "modified": "2020-09-30T16:27:58.802Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--1b399634-3516-4d33-9bda-5514a00fd3d4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.818Z", "modified": "2020-09-30T16:27:58.818Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTYwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--bc2b3afa-a117-49c2-b057-cb440e7ad007", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.834Z", "modified": "2020-09-30T16:27:58.834Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9My44MzM1NjM3NzY5MjEwMDVFLTQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--a8924691-5d4a-4bab-a726-3195e52b883f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.851Z", "modified": "2020-09-30T16:27:58.851Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE1Mzc1MDAwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--46fd79d5-1204-4585-a05c-a442bb49aca5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.867Z", "modified": "2020-09-30T16:27:58.867Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--14cd0836-7ad6-4f1a-b30d-0a3ef903a1d7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.883Z", "modified": "2020-09-30T16:27:58.883Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--2a7fc87f-02c8-44bd-a2fc-c0f0069eb60b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.899Z", "modified": "2020-09-30T16:27:58.899Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9Q3B1VXRpbAlWYWx1ZT0wLjAwODA2MjEyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--34aa64e9-7367-401b-a721-a458bdd56b22", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.915Z", "modified": "2020-09-30T16:27:58.915Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTc5ODUwNTMxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--a9cf2236-63a6-42db-bfd6-9cd1dd84f826", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.931Z", "modified": "2020-09-30T16:27:58.931Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTg3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--057ea3a6-ec78-4fba-a159-395b826aad59", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.946Z", "modified": "2020-09-30T16:27:58.946Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM0NDE3MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--632409a3-a0d1-4928-9dbe-9e1f0092f322", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.962Z", "modified": "2020-09-30T16:27:58.962Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTQwNjA3NDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--a808fe81-bd23-46ef-90cc-553d196ae827", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.977Z", "modified": "2020-09-30T16:27:58.977Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04NTU0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--df53f284-6b74-480a-9412-437ae31f6d40", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:58.995Z", "modified": "2020-09-30T16:27:58.995Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODUwMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--f3017948-4337-4db2-b5a4-cdaa95c725b3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.011Z", "modified": "2020-09-30T16:27:59.011Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--18285b62-1223-4470-a186-200691461c23", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.026Z", "modified": "2020-09-30T16:27:59.026Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--726cd9b0-85ed-4f6f-9fb8-307a1de703a0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.042Z", "modified": "2020-09-30T16:27:59.042Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODEyNDUyNDgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--69e722b1-fe4d-4aed-81b8-47180597e365", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.059Z", "modified": "2020-09-30T16:27:59.059Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--3d04aa87-928a-4623-a2ed-306fcb6c1662", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.076Z", "modified": "2020-09-30T16:27:59.076Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTQxODE3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--8e5cc08c-f949-40db-81db-0b11c7e767ab", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.093Z", "modified": "2020-09-30T16:27:59.093Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--f519a574-8c52-4c80-bb7d-18afe6ab9244", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.108Z", "modified": "2020-09-30T16:27:59.108Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--c658db9d-ff6c-4c60-852c-f770526ec2f1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.123Z", "modified": "2020-09-30T16:27:59.124Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgzNzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--ea379c1e-b5e9-4712-bbb1-ab73f7f8980a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.139Z", "modified": "2020-09-30T16:27:59.139Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTMyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--5f051de9-7751-4d8a-a1b5-935339df871d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.157Z", "modified": "2020-09-30T16:27:59.157Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--ba1fcb0f-7d9d-4511-ad89-084401f599a3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.173Z", "modified": "2020-09-30T16:27:59.173Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--a94bfaed-6b65-49b5-8ee6-1e83a4e5c847", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.189Z", "modified": "2020-09-30T16:27:59.189Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODMxMTU0NjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--36a8678f-972d-4da0-b535-86218bbc721b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.205Z", "modified": "2020-09-30T16:27:59.205Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzExNTQ0Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--e650c19a-ac4e-46d8-9fb8-5e31e7c3ce7d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.221Z", "modified": "2020-09-30T16:27:59.221Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00NTQwMTAwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--9c8ebd8c-b6c5-4cce-a1cf-bfb628d995f2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.236Z", "modified": "2020-09-30T16:27:59.236Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMTE0MTYxMjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--d821cdc8-cf5a-4895-98f1-e43b7bca02f9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.252Z", "modified": "2020-09-30T16:27:59.252Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTMxNTM1OTIzMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--886d670c-36b9-42f0-90ae-089bcf5e444f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.267Z", "modified": "2020-09-30T16:27:59.267Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--35db4087-4345-4981-a347-c5d9f4885e91", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.283Z", "modified": "2020-09-30T16:27:59.283Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NzkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--6d98ec1e-5352-42ed-a7e9-3fa37801eba6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.301Z", "modified": "2020-09-30T16:27:59.301Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgzNzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--8bb95112-c411-4317-92e7-d91693324568", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.320Z", "modified": "2020-09-30T16:27:59.320Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNTgyOTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--3c3e67fa-349d-4a04-8a47-5aa20ed870c7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.340Z", "modified": "2020-09-30T16:27:59.340Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--b4b18105-c43f-48f2-bf42-4c49f9eb49c2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.362Z", "modified": "2020-09-30T16:27:59.362Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDAxMTMzMDE0ODQ2ODA0NDc5Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--a2b42826-a5c0-42ca-b67e-1b328e8c5284", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.386Z", "modified": "2020-09-30T16:27:59.386Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--dae5c91b-6445-437d-9bdf-d017d875a2a7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.409Z", "modified": "2020-09-30T16:27:59.409Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--5f7b689c-7101-485c-bb39-487c6c66137d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.435Z", "modified": "2020-09-30T16:27:59.435Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTA5MzAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--df614eab-889f-4e85-81ee-6f52b2c430a4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.460Z", "modified": "2020-09-30T16:27:59.460Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--07933075-872c-4486-a657-7b631ebd1dba", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.483Z", "modified": "2020-09-30T16:27:59.483Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxNDE4MDE2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--f44be435-05c8-4e85-89e5-ab50197553b0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.507Z", "modified": "2020-09-30T16:27:59.507Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01NAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--8d3a3dd5-a335-46e9-8a78-a6cd384a8f52", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.566Z", "modified": "2020-09-30T16:27:59.566Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--6e1209d8-bc0c-477f-a6b5-11b41781cc94", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.589Z", "modified": "2020-09-30T16:27:59.589Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNzI0MDg1NzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--3dd74831-65d9-4157-b481-b682348d0fa3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.612Z", "modified": "2020-09-30T16:27:59.612Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--cf413574-d2a5-4c56-aee4-c33467409f55", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.635Z", "modified": "2020-09-30T16:27:59.635Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--44ee24a5-d369-422a-a6a8-20dd391cd2af", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.658Z", "modified": "2020-09-30T16:27:59.658Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NjkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--6b003dd8-7369-4f5b-bcf2-b4fe0cf15e10", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.681Z", "modified": "2020-09-30T16:27:59.681Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTI2NDE1Mwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--64572a4f-59dc-4b04-849f-c534bc5b9ff2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.703Z", "modified": "2020-09-30T16:27:59.703Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--dadc173d-d4bb-4508-8c17-554b9cba7cd3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.725Z", "modified": "2020-09-30T16:27:59.725Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--2784d154-97e7-48a0-8364-cbd4aab52655", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.750Z", "modified": "2020-09-30T16:27:59.750Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgzNzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--51547323-a173-40cb-a8d4-8b3c93a00b9f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.770Z", "modified": "2020-09-30T16:27:59.770Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODI5NjUwNDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--bfc99106-b751-4040-be74-8cfb37d9fe4a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.791Z", "modified": "2020-09-30T16:27:59.791Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03ODc5OTgzMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--61220a1b-c8d3-4768-8895-7fbb35d5d136", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.814Z", "modified": "2020-09-30T16:27:59.814Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--9662908f-4fe8-4ea3-ad40-48045c1125ae", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.837Z", "modified": "2020-09-30T16:27:59.837Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwODUxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--7cf120ff-a7b0-4108-999b-4b4520077aed", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.859Z", "modified": "2020-09-30T16:27:59.860Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--7809424d-3c76-4fb3-89f1-0b2596083bea", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.879Z", "modified": "2020-09-30T16:27:59.879Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4Mjk2NTAzMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--282c3eaa-2b28-44f1-b99e-0e9ebd952dfa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.900Z", "modified": "2020-09-30T16:27:59.900Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MzkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--5cc84f95-d892-4da6-90cc-2fc3cd1a8eb1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.921Z", "modified": "2020-09-30T16:27:59.921Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTMuNjMxNzI4NjQ1NTcyMDZFLTQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--e84401e8-4244-4fe3-8864-4da572ae91f6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.940Z", "modified": "2020-09-30T16:27:59.940Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNDcxNzAwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--7b2c51a7-e1a7-4651-b745-01a3cd12b5f7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.961Z", "modified": "2020-09-30T16:27:59.961Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--0abac449-65c6-49c7-993c-4c494353125d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:27:59.981Z", "modified": "2020-09-30T16:27:59.981Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgzNzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--0faedb19-3d1c-42f6-bf36-44e3a8192c25", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.001Z", "modified": "2020-09-30T16:28:00.001Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--9de0061d-4e84-4ba1-ad49-9197e8a137aa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.021Z", "modified": "2020-09-30T16:28:00.021Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--f62ae403-e5bb-4e15-8531-c1afd99ed065", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.040Z", "modified": "2020-09-30T16:28:00.040Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--5d9e441d-569a-4ef2-ad94-fd514725cdb3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.062Z", "modified": "2020-09-30T16:28:00.062Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNDI1ODgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--c6343cd1-71ba-4bda-9517-a6ae8ee5dba8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.081Z", "modified": "2020-09-30T16:28:00.081Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTcyOTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--81c13689-93f2-414f-b9b8-9d989d5b529e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.102Z", "modified": "2020-09-30T16:28:00.102Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NzMyOQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--be84cefc-6015-42b1-866b-d4f344c977f3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.121Z", "modified": "2020-09-30T16:28:00.121Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjY0MTAzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--73b53950-9b90-4c99-b80c-eb45e55f3e49", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.141Z", "modified": "2020-09-30T16:28:00.141Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--754c68ca-d40a-4591-9676-dcbe111f7ddb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.162Z", "modified": "2020-09-30T16:28:00.162Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xOTY1ODM0MjQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--a9a4e043-5ba2-49f2-aff4-30def771c448", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.185Z", "modified": "2020-09-30T16:28:00.185Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--9c24b753-a1ff-4c22-a582-f7ceb5c52675", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.204Z", "modified": "2020-09-30T16:28:00.204Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--0a269939-a237-4048-829a-8f1e2992498f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.224Z", "modified": "2020-09-30T16:28:00.224Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFVwZGF0ZVJlc29sdXRpb25NYW5hZ2VyU3BpbGxGaWxlc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--fb169aec-c406-45ba-a055-7624332b8e06", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.243Z", "modified": "2020-09-30T16:28:00.243Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--ce945860-7039-42ad-91a2-cbb25e676890", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.264Z", "modified": "2020-09-30T16:28:00.264Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE1OTk5NTQ4MDcyNDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--ef549a6c-e97f-4bf4-be5f-40764ef39dea", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.284Z", "modified": "2020-09-30T16:28:00.284Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--6b4afe24-1a49-4c04-bc1b-151197931a2d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.304Z", "modified": "2020-09-30T16:28:00.304Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVTbmFwc2hvdEVsZW1lbnRDb3VudE9uRGlzawlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--4dda014d-13a0-422d-8b32-45bd89dfad8f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.324Z", "modified": "2020-09-30T16:28:00.324Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--68181c70-e4a9-4f78-ad62-f5efee40c0fe", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.347Z", "modified": "2020-09-30T16:28:00.347Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVTbmFwc2hvdFNwaWxsb3ZlclRocmVzaG9sZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTUwMDAwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--25a090ac-51dd-4f94-9b71-2a12334594ef", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.369Z", "modified": "2020-09-30T16:28:00.369Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMzEyNTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--b9ecba72-f08a-41f3-8d7a-718e47a2e737", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.391Z", "modified": "2020-09-30T16:28:00.391Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--68bbceba-ec5a-4fb4-85c9-939e489c85d6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.413Z", "modified": "2020-09-30T16:28:00.413Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMjU4MzMyMTYwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--f9b6321c-ea8b-4973-9e2f-03330921b90a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.438Z", "modified": "2020-09-30T16:28:00.438Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyODg1MDMxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--b379c913-2640-44ca-89a1-9f85873a5b5f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.462Z", "modified": "2020-09-30T16:28:00.462Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJUb3BUaWVyU3BpbGxGaWxlc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--51ff51ca-9711-4a8c-a733-bf983903c32a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.482Z", "modified": "2020-09-30T16:28:00.482Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--b9761398-77c0-4ce5-8a48-1a4a22ab2c68", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.504Z", "modified": "2020-09-30T16:28:00.504Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODI4ODUwMTgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--01761c92-125e-4d82-b346-59ee2e931fc1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.523Z", "modified": "2020-09-30T16:28:00.523Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJCb3R0b21UaWVyU3BpbGxGaWxlc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--d3a49422-ce20-4c5d-8551-2d365e1d5d55", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.543Z", "modified": "2020-09-30T16:28:00.543Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTQxNjQzMTA0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--29381353-85b3-4e33-9a65-1f89adb7eb79", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.565Z", "modified": "2020-09-30T16:28:00.565Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--a3febc13-aaf9-4942-b5c7-5815ba526043", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.586Z", "modified": "2020-09-30T16:28:00.586Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjQ4NzQwMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--32250a08-5803-4c79-af4a-a36eeaec08cf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.605Z", "modified": "2020-09-30T16:28:00.605Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NDgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--270fe571-0559-4109-a781-e65965d8fc2f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.625Z", "modified": "2020-09-30T16:28:00.625Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--72bb7f06-a786-4738-b08b-bb927c13af89", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.647Z", "modified": "2020-09-30T16:28:00.647Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMzEyNTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--20cc53fc-e4cb-41bc-b7d7-48cf8c20302f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.670Z", "modified": "2020-09-30T16:28:00.670Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFVwZGF0ZVJlc29sdXRpb25NYW5hZ2VyTWF4RmlsZUNvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--a04f3cf6-5ab2-4013-b7d8-8bc13946fa89", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.692Z", "modified": "2020-09-30T16:28:00.692Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02LjE3MzcxMzUzNTI5ODQwNUUtNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--2b8c4b21-4152-4a18-9932-1e98b934c462", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.712Z", "modified": "2020-09-30T16:28:00.712Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MzQyOTE5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--c72ed593-12e0-4054-b158-fe9fe2c6f19d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.733Z", "modified": "2020-09-30T16:28:00.733Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--5efef8cc-c406-4fd7-adf0-b2d34c30938f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.754Z", "modified": "2020-09-30T16:28:00.754Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFVwZGF0ZVJlc29sdXRpb25NYW5hZ2VyTkVsZW1lbnRzT25EaXNrCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--e6d26ca0-b64f-4878-8128-824e90c8db11", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.777Z", "modified": "2020-09-30T16:28:00.777Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MzgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--1f67551b-1f3b-4d82-8274-3e5cfde7eab7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.797Z", "modified": "2020-09-30T16:28:00.797Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTkxNjcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--bb2e6994-0be2-42c8-ab1e-6ab614b7eabf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.818Z", "modified": "2020-09-30T16:28:00.818Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMjU4MzMyMTYwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--4d99849d-a6c4-490f-871c-b09ed45ce956", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.838Z", "modified": "2020-09-30T16:28:00.838Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJUb3BUaWVyTWF4RmlsZUNvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--0c31977f-17f7-4c2d-999c-968f3baf1ef4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.858Z", "modified": "2020-09-30T16:28:00.858Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT05MTY3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--cd679bf5-3043-429e-9f77-d49b1903211f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.878Z", "modified": "2020-09-30T16:28:00.878Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9OTkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--cdbafee1-d349-4564-8a39-b6e7c19dc4f0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.899Z", "modified": "2020-09-30T16:28:00.899Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTU5OTk1NDgwNzI0Mwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--416b1287-6a68-4fa2-b2a1-e483fe6debf9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.920Z", "modified": "2020-09-30T16:28:00.920Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTgyODcwMDE2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--e316f53d-3ea5-4329-8487-4d448dff27a3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.940Z", "modified": "2020-09-30T16:28:00.940Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJUb3BUaWVyTkVsZW1lbnRzT25EaXNrCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--50715b77-304a-4e48-b329-80a04838e090", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.962Z", "modified": "2020-09-30T16:28:00.962Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVTbmFwc2hvdEVsZW1lbnRDb3VudEluTWVtb3J5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--f908d4a9-d671-43ec-9393-40247c1471ed", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:00.982Z", "modified": "2020-09-30T16:28:00.982Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJCb3R0b21UaWVyTWF4RmlsZUNvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--43a24c86-1558-4c0b-994c-319fe8557415", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.004Z", "modified": "2020-09-30T16:28:01.004Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJCb3R0b21UaWVyTkVsZW1lbnRzT25EaXNrCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--67ba7c60-bfd8-4e21-9457-9fdab4952057", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.024Z", "modified": "2020-09-30T16:28:01.024Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--a82b3763-7f19-45cd-9084-54e403a80428", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.043Z", "modified": "2020-09-30T16:28:01.043Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--3f4b0f82-481a-4dbb-8b42-e6b671b1cf42", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.063Z", "modified": "2020-09-30T16:28:01.063Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjY5OTA4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--20006f30-633e-496b-ae74-fe9fbdf5e4de", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.084Z", "modified": "2020-09-30T16:28:01.084Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zMDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--d17bf582-7ef0-48e0-ad8e-96a74537d77b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.105Z", "modified": "2020-09-30T16:28:01.105Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--18ead88e-4158-45c4-b6f3-8460359daef3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.124Z", "modified": "2020-09-30T16:28:01.124Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--c30db1c9-51ab-4098-8f58-885f8a68031a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.146Z", "modified": "2020-09-30T16:28:01.146Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Mjc2NTkzNjIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--1b09fc8b-aff2-4eab-981f-02cf45faa0cf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.168Z", "modified": "2020-09-30T16:28:01.168Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NjE2MTUzOTUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--7cc6645b-c34a-4794-853e-37a873f49320", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.189Z", "modified": "2020-09-30T16:28:01.189Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTExNTM4OTg2ODAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--8afbed15-e0e8-4e61-abd1-28cf7e99f3bb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.211Z", "modified": "2020-09-30T16:28:01.211Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub21jYXRDUFVVc2FnZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTkuMjUzNzQ4NDU1NDQzMDA2RS00Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--ee082946-b7c9-462a-850e-44b0cf7ba688", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.234Z", "modified": "2020-09-30T16:28:01.234Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--b53ba752-55e9-4514-b879-61e701f85eea", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.260Z", "modified": "2020-09-30T16:28:01.260Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4Mjc2MjkxMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--7158511f-510b-4f7b-81c5-9d929e33e8f1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.285Z", "modified": "2020-09-30T16:28:01.285Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyNzYyODczCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--ddcadb6b-413c-41de-8a8e-45ad2ff46ef1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.314Z", "modified": "2020-09-30T16:28:01.314Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMzg4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--a789a453-f205-4a2a-b712-cdae53c8a883", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.339Z", "modified": "2020-09-30T16:28:01.339Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQwNzU1MDAwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--c95705a0-8e43-4982-8ea8-6bb64b80c5ab", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.365Z", "modified": "2020-09-30T16:28:01.365Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wNzIxODk1Njg5MTg1ODA5OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--bffaa072-a27d-484e-a9b1-22e7d56c15dd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.391Z", "modified": "2020-09-30T16:28:01.391Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Mjc2NTkzNjIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--c53d7a17-4533-49c8-a141-7048c53ebdff", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.417Z", "modified": "2020-09-30T16:28:01.417Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTI2Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--5b05d704-ce1f-4da4-8d9c-1a329d7594d3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.440Z", "modified": "2020-09-30T16:28:01.440Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQ2MDY3MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--8c38476f-072c-4fcf-9da0-d1e7513e8525", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.463Z", "modified": "2020-09-30T16:28:01.463Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--ed0d430f-5888-4414-a863-083aefac9be0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.486Z", "modified": "2020-09-30T16:28:01.486Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--2ecbe658-e645-4cbc-877a-c1ad8926842f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.508Z", "modified": "2020-09-30T16:28:01.508Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub21jYXRTZXNzaW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--57aa3156-d211-4d8f-a629-102858540dd8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.528Z", "modified": "2020-09-30T16:28:01.528Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NjE2MTUzOTUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--c537c824-73e4-45b5-85e4-59fffd33d6ad", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.547Z", "modified": "2020-09-30T16:28:01.547Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE0OQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--23414b23-8b62-4ff0-8af4-802e86c138e2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.568Z", "modified": "2020-09-30T16:28:01.568Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjY0NjIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--58bb47fa-12c1-4a43-b079-91f0840728da", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.589Z", "modified": "2020-09-30T16:28:01.589Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNzg1MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--f119b30d-760b-4bf8-abd5-7c21da67a095", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.609Z", "modified": "2020-09-30T16:28:01.609Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODEyNjk1MjYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--0c97f7bf-4a84-4e99-b42a-4e248903b97c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.629Z", "modified": "2020-09-30T16:28:01.629Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTI5Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--576b33ef-317a-47ba-b403-36baa766d075", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.648Z", "modified": "2020-09-30T16:28:01.648Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--63fa279d-f74a-4fad-849c-fac03e0c9498", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.669Z", "modified": "2020-09-30T16:28:01.669Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMzE3NzkzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--5a8cb2df-3529-4707-9719-838e99b7b661", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.689Z", "modified": "2020-09-30T16:28:01.689Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--9d3f38c6-5fe1-4bf3-a142-5e010dbedc6d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.709Z", "modified": "2020-09-30T16:28:01.709Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--ce1d1374-785e-4114-a709-228f0548f66c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.728Z", "modified": "2020-09-30T16:28:01.728Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--1a66b301-424b-4639-b0a0-aaec105f0268", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.748Z", "modified": "2020-09-30T16:28:01.748Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODM3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--c0501861-16f5-4c21-91e4-22d5454d4e76", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.769Z", "modified": "2020-09-30T16:28:01.769Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE1MTAwMTQ5NzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--a0e88c2a-4b12-4ccb-af4c-773d48b4360d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.791Z", "modified": "2020-09-30T16:28:01.791Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ3OTc2MDA0NQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--7e38afa7-f76e-4f2a-90a1-7078b3c18291", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.811Z", "modified": "2020-09-30T16:28:01.811Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--0064cf5d-cd46-4500-82ad-1912ffb45016", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.832Z", "modified": "2020-09-30T16:28:01.832Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--9c64c1e4-9d87-4a43-be17-6f4a7038092a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.852Z", "modified": "2020-09-30T16:28:01.852Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.748Z", "last_observed": "2020-09-30T16:26:00.748Z", "number_observed": 1 }, { "id": "observed-data--d235f0f9-993f-4a3e-9526-bde3ce1c7e36", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.872Z", "modified": "2020-09-30T16:28:01.872Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE3NTA4MTAzMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--6235603e-ffab-4d00-ac46-b3947be48258", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.891Z", "modified": "2020-09-30T16:28:01.891Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDc5NzYwMDMzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.747Z", "last_observed": "2020-09-30T16:26:00.747Z", "number_observed": 1 }, { "id": "observed-data--e3f9d672-e1fa-4296-b2e5-81a88a827033", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.911Z", "modified": "2020-09-30T16:28:01.911Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTExMzk0MDAwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.748Z", "last_observed": "2020-09-30T16:26:00.748Z", "number_observed": 1 }, { "id": "observed-data--df94f8f7-cd84-4550-b93d-a40b1233832a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.932Z", "modified": "2020-09-30T16:28:01.932Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.748Z", "last_observed": "2020-09-30T16:26:00.748Z", "number_observed": 1 }, { "id": "observed-data--2d9b1176-3edd-4bd4-8dae-7df19d69b869", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.953Z", "modified": "2020-09-30T16:28:01.953Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.748Z", "last_observed": "2020-09-30T16:26:00.748Z", "number_observed": 1 }, { "id": "observed-data--b80457a6-3c1d-4c16-b260-ba645bbc3670", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.973Z", "modified": "2020-09-30T16:28:01.973Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Mi44MjU3NDQ3MjI5OTI2NzI1RS00Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.748Z", "last_observed": "2020-09-30T16:26:00.748Z", "number_observed": 1 }, { "id": "observed-data--a0915848-c157-4348-a68f-cb601d774152", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:01.995Z", "modified": "2020-09-30T16:28:01.995Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.748Z", "last_observed": "2020-09-30T16:26:00.748Z", "number_observed": 1 }, { "id": "observed-data--66a49d0b-56b4-48f2-9fd1-9100d47d37ee", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.015Z", "modified": "2020-09-30T16:28:02.015Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODM3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.748Z", "last_observed": "2020-09-30T16:26:00.748Z", "number_observed": 1 }, { "id": "observed-data--6e3313e5-753c-4168-bcb4-f264a4516aa6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.035Z", "modified": "2020-09-30T16:28:02.035Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM0NTk3OQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.748Z", "last_observed": "2020-09-30T16:26:00.748Z", "number_observed": 1 }, { "id": "observed-data--70201a6b-ed11-4330-9d10-a5675579473c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.055Z", "modified": "2020-09-30T16:28:02.055Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.748Z", "last_observed": "2020-09-30T16:26:00.748Z", "number_observed": 1 }, { "id": "observed-data--33822134-dcae-489d-958b-fe1700e74bb2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.074Z", "modified": "2020-09-30T16:28:02.074Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.748Z", "last_observed": "2020-09-30T16:26:00.748Z", "number_observed": 1 }, { "id": "observed-data--25aa0846-a534-4782-be54-d222b6bb533c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.094Z", "modified": "2020-09-30T16:28:02.094Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NzU5NQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.748Z", "last_observed": "2020-09-30T16:26:00.748Z", "number_observed": 1 }, { "id": "observed-data--6568ad9b-cbd8-496b-99fd-908eab4559ef", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.114Z", "modified": "2020-09-30T16:28:02.114Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTUzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.748Z", "last_observed": "2020-09-30T16:26:00.748Z", "number_observed": 1 }, { "id": "observed-data--1e701eaf-8fbb-4a1b-99c5-1bf5c4e75bc8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.133Z", "modified": "2020-09-30T16:28:02.133Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.748Z", "last_observed": "2020-09-30T16:26:00.748Z", "number_observed": 1 }, { "id": "observed-data--13c5f05f-b550-4ff0-99c2-ec705337897f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.152Z", "modified": "2020-09-30T16:28:02.152Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODEzMTc2NzkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.748Z", "last_observed": "2020-09-30T16:26:00.748Z", "number_observed": 1 }, { "id": "observed-data--8dc11f05-94f0-4293-a6d6-326527d0cbcd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.175Z", "modified": "2020-09-30T16:28:02.175Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03NjMyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.748Z", "last_observed": "2020-09-30T16:26:00.748Z", "number_observed": 1 }, { "id": "observed-data--64c2760a-952b-434c-8527-192937de1059", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.194Z", "modified": "2020-09-30T16:28:02.194Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTI2MTQ1MTc3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.748Z", "last_observed": "2020-09-30T16:26:00.748Z", "number_observed": 1 }, { "id": "observed-data--3e4f9e64-29de-4493-9ccd-0bc4ca5a7b4f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.214Z", "modified": "2020-09-30T16:28:02.214Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTI5MTA0Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.748Z", "last_observed": "2020-09-30T16:26:00.748Z", "number_observed": 1 }, { "id": "observed-data--b307ae5d-e720-4ffb-8e84-e5aaa56cea67", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.234Z", "modified": "2020-09-30T16:28:02.234Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.748Z", "last_observed": "2020-09-30T16:26:00.748Z", "number_observed": 1 }, { "id": "observed-data--db8f363a-7fc1-4c22-9567-e4592542b44f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.254Z", "modified": "2020-09-30T16:28:02.254Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--2a407e1b-14f9-401a-bb64-69542c60474b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.274Z", "modified": "2020-09-30T16:28:02.274Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--835ebbd3-a254-40b8-90c9-65453c921176", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.293Z", "modified": "2020-09-30T16:28:02.293Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--ea5c00d9-d8f1-46e6-b726-c9f554650f43", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.313Z", "modified": "2020-09-30T16:28:02.313Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--2173deed-5224-4c48-b53f-36e6e3170c06", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.334Z", "modified": "2020-09-30T16:28:02.334Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgyMTE3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--1da6441a-eef1-47cb-b925-4a905d021f25", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.354Z", "modified": "2020-09-30T16:28:02.354Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODMxMzUwMTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--a6ff4c94-52a8-4c95-a51c-5bfafedf6451", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.375Z", "modified": "2020-09-30T16:28:02.375Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--b4218136-8cdf-4fcf-8b6d-35eb763bf238", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.395Z", "modified": "2020-09-30T16:28:02.395Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzEzNTAwOAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--ab8db503-dcc9-4384-81fc-7d6b1588a0dd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.416Z", "modified": "2020-09-30T16:28:02.416Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03MTA0MTMyMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--2e582edf-de4e-46b5-9b4b-f4254d6c0142", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.436Z", "modified": "2020-09-30T16:28:02.436Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--22ce2d97-aa24-488c-b892-839643fc6e07", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.456Z", "modified": "2020-09-30T16:28:02.456Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--eac23923-68ab-409b-a354-bb38ab6c6ca6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.477Z", "modified": "2020-09-30T16:28:02.477Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNDcwOTAwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--403bfb91-bf7f-4bdc-a744-161ad0db9d15", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.497Z", "modified": "2020-09-30T16:28:02.497Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MzUxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--229fcf4e-5c14-4934-b1dd-3098c4d9f300", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.517Z", "modified": "2020-09-30T16:28:02.517Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTMuNjY1MzYxMDY5OTIzMDkxNUUtNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--52f12131-b373-4b42-80cc-dc0df3cd9637", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.537Z", "modified": "2020-09-30T16:28:02.537Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgyMTE3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--0eeff4fa-770c-4ca1-8d61-b6dfa72a43ac", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.557Z", "modified": "2020-09-30T16:28:02.557Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNTgxMzkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--b10f8c1e-b840-4c47-a7e1-2588631a2928", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.579Z", "modified": "2020-09-30T16:28:02.579Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--37eff1f3-7698-4117-9217-c2006cb24676", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.599Z", "modified": "2020-09-30T16:28:02.599Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--c0429867-bc45-4e4f-bf89-8fcf477bf9d2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.619Z", "modified": "2020-09-30T16:28:02.619Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--d7a3d3aa-1b17-48f9-adfc-aeeb7fc5c5a9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.638Z", "modified": "2020-09-30T16:28:02.638Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--393f05f6-da9e-444c-ab63-139e9a0f685b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.658Z", "modified": "2020-09-30T16:28:02.658Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODgyNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--74d82430-0a49-4380-a6bf-899279da1427", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.679Z", "modified": "2020-09-30T16:28:02.679Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--e0d904a6-b300-4082-8967-d355bba305ea", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.700Z", "modified": "2020-09-30T16:28:02.700Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTg0NzMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--6100ac30-7557-421a-bf39-bc0819208c78", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.722Z", "modified": "2020-09-30T16:28:02.722Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjkwOTE5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--47748a19-23a5-44d6-890e-d9765665e636", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.742Z", "modified": "2020-09-30T16:28:02.742Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xODg1OTYyMjQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--3392d3a0-2cde-4682-9226-3af82d985c93", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.766Z", "modified": "2020-09-30T16:28:02.766Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXRpbGl6YXRpb25EZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEyCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--08923231-32dd-4f0f-941a-f3c26537f3a0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.786Z", "modified": "2020-09-30T16:28:02.786Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--12fbffd6-b71f-45c2-93b4-024deae25adc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.807Z", "modified": "2020-09-30T16:28:02.807Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXRpbGl6YXRpb25EZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEJVmFsdWU9MC40Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--5e3fcecd-e5a8-4a11-8714-8bb66f80a527", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.827Z", "modified": "2020-09-30T16:28:02.827Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTA1MTQ3Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--8d0f8141-84ad-4dbb-a2f8-d2a0782225bc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.848Z", "modified": "2020-09-30T16:28:02.848Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--62241ab8-0c8b-4eb3-b424-86abf575234d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.870Z", "modified": "2020-09-30T16:28:02.870Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXRpbGl6YXRpb25EZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGExCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--5023d2b2-79ac-4a3f-a6ca-f5209b0e9ad2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.893Z", "modified": "2020-09-30T16:28:02.893Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vYm9vdAlWYWx1ZT0wLjE3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--c7e4b880-a00a-4ccb-a340-e2387994a15c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.916Z", "modified": "2020-09-30T16:28:02.916Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vc3lzL2ZzL2Nncm91cAlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--46deabe7-b2c9-49f3-849f-675c4587bc6a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.938Z", "modified": "2020-09-30T16:28:02.938Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vcnVuL3VzZXIvMAlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--06292fae-8463-4b56-95f1-2714e5731186", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.963Z", "modified": "2020-09-30T16:28:02.963Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vZGV2CVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--ad722a30-ed77-47dd-a220-2218a42d826d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:02.985Z", "modified": "2020-09-30T16:28:02.985Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vZGV2L3NobQlWYWx1ZT0wLjAxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--af9d3231-4175-4a6b-8537-70e6691ae294", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.007Z", "modified": "2020-09-30T16:28:03.007Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vcnVuCVZhbHVlPTAuMTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--8bf6a7a6-4a7e-48d5-b238-b968e8f93eea", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.027Z", "modified": "2020-09-30T16:28:03.027Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vCVZhbHVlPTAuMzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--92df429a-92f8-497e-9e48-6180dcdbbfca", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.047Z", "modified": "2020-09-30T16:28:03.047Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Jb1dhaXQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--7292b67b-af2f-4f70-87f9-46575e25482d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.068Z", "modified": "2020-09-30T16:28:03.068Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1QaHlzaWNhbE1lbW9yeUZyZWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NTAwNDQ0LjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--83e19473-5b00-452e-a273-810984c1dc67", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.088Z", "modified": "2020-09-30T16:28:03.088Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkQXZnMTUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NS45NQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--0a64051c-fec3-4615-a001-64fa5eec43b1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.108Z", "modified": "2020-09-30T16:28:03.108Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L2RldglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--c4f37763-5000-4f2b-abba-e73980e84e5c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.128Z", "modified": "2020-09-30T16:28:03.128Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L3J1bi91c2VyLzAJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--68a22c4b-5f92-4d1d-837d-6cb7af8a7650", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.148Z", "modified": "2020-09-30T16:28:03.148Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L3N5cy9mcy9jZ3JvdXAJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--78242139-c9ed-437e-a260-287132c392c2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.170Z", "modified": "2020-09-30T16:28:03.170Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L2Jvb3QJVmFsdWU9MTc4MTA2MzY4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--ff35efeb-69aa-4b63-986b-2bde68d004a5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.190Z", "modified": "2020-09-30T16:28:03.190Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L2Rldi9zaG0JVmFsdWU9MjA0ODAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--c663d768-306a-401d-8040-f5cb1d49a5a5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.210Z", "modified": "2020-09-30T16:28:03.210Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L3J1bglWYWx1ZT04NTY3NjQ0MTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--5485f7e7-4978-4876-afc1-6f893fae4aac", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.231Z", "modified": "2020-09-30T16:28:03.231Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9LwlWYWx1ZT05MDY1NjI2NDE5Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--b29d7adf-775f-4235-9216-3c5f39cfbfa2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.251Z", "modified": "2020-09-30T16:28:03.251Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkQXZnMQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xLjgzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--0e2958f6-9a16-43bf-af2a-4f8830de5935", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.270Z", "modified": "2020-09-30T16:28:03.270Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkQXZnNQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02LjIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--a4febc6d-69a2-44c6-b330-c1e6e5fd0bf0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.290Z", "modified": "2020-09-30T16:28:03.290Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTcyLjA4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--3c7ec746-c959-4950-a1fd-954bb58fbb9e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.309Z", "modified": "2020-09-30T16:28:03.309Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODMxNTUwMzEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--1dc4c16d-ad91-4cc5-b3c3-4360908f55c3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.328Z", "modified": "2020-09-30T16:28:03.328Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMTc4ODgwOTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--2d8078c1-9765-4e78-9c86-7443cf54f798", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.349Z", "modified": "2020-09-30T16:28:03.349Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--f177658a-d9f7-4df7-a8a7-00829011cf91", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.371Z", "modified": "2020-09-30T16:28:03.371Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzE1NTAyNwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--d93d1007-4590-4948-8e32-65845ae5b583", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.392Z", "modified": "2020-09-30T16:28:03.392Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OaWNlQ3B1CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--b69a75e7-be83-4b76-aefd-8abd69837983", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.412Z", "modified": "2020-09-30T16:28:03.412Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--ca7a4129-b4f1-4788-b4b3-bbe1f0a67dd8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.432Z", "modified": "2020-09-30T16:28:03.432Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDA1OTM2NjE0NjYwOTQwMTk4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--9131c227-2dcd-4bac-ac3d-56a4346184fc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.453Z", "modified": "2020-09-30T16:28:03.453Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrVHJhbnNtaXR0ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWxvCVZhbHVlPTQ0MS40OQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--68cf7b75-0ee8-4365-9ee9-48bf73fdc5d0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.475Z", "modified": "2020-09-30T16:28:03.475Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjI0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--de5119fa-70eb-4fb6-98c0-a85f9dfd7bce", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.495Z", "modified": "2020-09-30T16:28:03.495Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrVHJhbnNtaXR0ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWV0aDEJVmFsdWU9MC4yCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--a49a1731-c948-4641-ae82-143711bca7d9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.515Z", "modified": "2020-09-30T16:28:03.515Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrVHJhbnNtaXR0ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWV0aDAJVmFsdWU9MC4wMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--7fc64e0b-f961-4ba4-8f33-0df563f91fed", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.535Z", "modified": "2020-09-30T16:28:03.535Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUnBzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhCVZhbHVlPTIuMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--bff435aa-68f5-4862-8ad4-a2b536eabc38", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.557Z", "modified": "2020-09-30T16:28:03.557Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UY3BDbG9zZVdhaXRDb25uZWN0aW9ucwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PW5ldHN0YXQJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--53a55c22-34a6-482f-80a7-70f9f11d393f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.577Z", "modified": "2020-09-30T16:28:03.577Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUnBzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMglWYWx1ZT0yLjIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--f493bee9-b820-4be5-b109-bbb460bb275c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.597Z", "modified": "2020-09-30T16:28:03.597Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUnBzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMQlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--25048fbd-7d2e-46e6-910a-84cdcff5f1a1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.617Z", "modified": "2020-09-30T16:28:03.617Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9ib290CVZhbHVlPTEwNjMyNTYwNjQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--647486ea-9fc8-4b9c-baea-af771aeabf6d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.637Z", "modified": "2020-09-30T16:28:03.637Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT05ODAzMTUxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--13b5d08e-7353-45f6-9b58-3bfdc278bbd3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.656Z", "modified": "2020-09-30T16:28:03.656Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9ydW4vdXNlci8wCVZhbHVlPTE2NjU2MTc5MjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--38c4564c-d040-4a7b-ba4f-d95c67508251", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.676Z", "modified": "2020-09-30T16:28:03.676Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9kZXYJVmFsdWU9ODMxNjA1OTY0OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--20a9594e-8702-4c8f-8eb6-abdf7c526891", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.695Z", "modified": "2020-09-30T16:28:03.695Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9kZXYvc2htCVZhbHVlPTgzMjgwNzczMTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--ed513861-9682-4974-a862-8b67830aded0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.715Z", "modified": "2020-09-30T16:28:03.715Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9zeXMvZnMvY2dyb3VwCVZhbHVlPTgzMjgwNzczMTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--7de9a59c-1931-4e0b-b3d8-35a4e383919d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.736Z", "modified": "2020-09-30T16:28:03.736Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS8JVmFsdWU9MjU4NjQ1NDI2MTc2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--ce54cfb6-a0ac-4ffb-b19b-f00a859b0f35", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.757Z", "modified": "2020-09-30T16:28:03.757Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9ydW4JVmFsdWU9ODMyODA3NzMxMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--c8e1057b-6bd0-4bfb-bb56-8aa895ea383c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.777Z", "modified": "2020-09-30T16:28:03.777Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUXVldWVTaXplCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhCVZhbHVlPTAuMDEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--717acbfe-e6b4-447c-9c2a-269c1bf51fae", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.797Z", "modified": "2020-09-30T16:28:03.797Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUXVldWVTaXplCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--4e7c885a-17d9-4c71-b9b6-b5c0b51c4eaa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.820Z", "modified": "2020-09-30T16:28:03.820Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUXVldWVTaXplCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMQlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--16905531-d946-49da-bf43-659e370c3302", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.841Z", "modified": "2020-09-30T16:28:03.841Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1QaHlzaWNhbE1lbW9yeVVzZWQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MS41NzY1MzMyRTcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--a247e438-4897-4138-ad1a-fc83ba7cb1a6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.861Z", "modified": "2020-09-30T16:28:03.861Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1F2bVdyaXRlSU8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--b9deb176-1068-41eb-9897-79f8ef242464", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.880Z", "modified": "2020-09-30T16:28:03.880Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yOQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--44f84c6c-9408-48ab-a7ff-a244c9f82e5a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.900Z", "modified": "2020-09-30T16:28:03.900Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXNDcHUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9My45Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--47c13cb5-7c08-486c-a4fb-6f90d476d1f3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.920Z", "modified": "2020-09-30T16:28:03.920Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1F2bVJlYWRJTwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--eccc64cd-1887-4874-abfc-0ba63c66c7c3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.941Z", "modified": "2020-09-30T16:28:03.941Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1CdWZmZXJlZE1lbW9yeQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--457bed26-de6b-4e7d-ba27-3d7a85ef4228", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.961Z", "modified": "2020-09-30T16:28:03.961Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1LZXJuZWxPT01Db3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--d3740f55-5218-44f0-b232-4dd011bed65f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:03.981Z", "modified": "2020-09-30T16:28:03.981Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3JpdGVzRGV2aWNlCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhCVZhbHVlPTExNS4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--499dbfac-cb07-4163-a89e-24af28cf758f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.001Z", "modified": "2020-09-30T16:28:04.001Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3JpdGVzRGV2aWNlCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--cbb38565-1bec-4aad-ae07-493c830f42b8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.020Z", "modified": "2020-09-30T16:28:04.020Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1FyYWRhcldyaXRlSU8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--3e7e3758-aff3-4320-97ef-382cb844208b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.039Z", "modified": "2020-09-30T16:28:04.039Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjQwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--39f603f6-124f-4a39-99be-d306ce865f37", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.059Z", "modified": "2020-09-30T16:28:04.059Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--f8e82014-6a83-43dc-b2f8-d4f33f8f53df", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.078Z", "modified": "2020-09-30T16:28:04.078Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3JpdGVzRGV2aWNlCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMQlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--621fac74-96ca-46fc-a4da-f45656acf65c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.098Z", "modified": "2020-09-30T16:28:04.098Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VZHBDb25uZWN0aW9ucwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PW5ldHN0YXQJVmFsdWU9NTUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--1ff4662d-f96e-4099-9255-915b1fb2d4bf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.120Z", "modified": "2020-09-30T16:28:04.120Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1Td2FwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00MTk4OTA4LjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--10647a45-5f1a-48ee-aaab-df0f562510a2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.140Z", "modified": "2020-09-30T16:28:04.140Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Vc2VyQ3B1CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTcuNTkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--01fce311-0472-47c1-affe-ad4704aa5fca", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.160Z", "modified": "2020-09-30T16:28:04.160Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--4f03fee3-1218-40a8-bb46-2ae50f7ab9d2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.180Z", "modified": "2020-09-30T16:28:04.180Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1FyYWRhckNQVQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--baac21bf-f295-441f-aba0-dc7649a7d52b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.200Z", "modified": "2020-09-30T16:28:04.200Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrQVRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEJVmFsdWU9MS42Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--9046f01e-22dd-42ee-8289-3b088ec08045", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.220Z", "modified": "2020-09-30T16:28:04.220Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrQVRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEyCVZhbHVlPTIuMTUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--828136a7-e177-4160-9e7c-59242bddf161", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.240Z", "modified": "2020-09-30T16:28:04.240Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEzMzk0MTU1Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--533bce7e-8000-468c-93dd-6f0666060022", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.259Z", "modified": "2020-09-30T16:28:04.259Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrQVRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGExCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--c6d896c0-2cbe-47c4-8d4e-94bf565e883b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.280Z", "modified": "2020-09-30T16:28:04.280Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1F2bUNQVQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--d8227b24-1b51-4605-863b-f588f4dd5291", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.301Z", "modified": "2020-09-30T16:28:04.301Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2FnZU1vdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dG1wZnMJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--06ced872-1586-428a-a296-6a579ee23deb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.324Z", "modified": "2020-09-30T16:28:04.324Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1SdW5RdWV1ZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--3c89eff9-dbb5-4195-9ca0-e1391e80eb7d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.345Z", "modified": "2020-09-30T16:28:04.345Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2FnZU1vdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9eGZzCVZhbHVlPTAuMzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--c6331bea-6cf8-438d-9b08-9fc7a654b256", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.366Z", "modified": "2020-09-30T16:28:04.366Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2FnZU1vdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9ZGV2dG1wZnMJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--9d0aef8d-fe85-4683-b0af-3eb9811f62fe", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.386Z", "modified": "2020-09-30T16:28:04.386Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1DYWNoZWRNZW1vcnlVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQwNDAzMDguMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--8453f101-7629-4614-bc43-caa8f153ba5c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.406Z", "modified": "2020-09-30T16:28:04.406Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNTc2ODAwMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--9988b44b-f689-4132-a592-bc30296b9e31", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.426Z", "modified": "2020-09-30T16:28:04.426Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1FyYWRhclJlYWRJTwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--391456cb-57e1-4fe4-825e-089c6c681f9e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.447Z", "modified": "2020-09-30T16:28:04.447Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--4339d62f-3258-4ba5-be19-dfb634a9a266", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.466Z", "modified": "2020-09-30T16:28:04.466Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OdW1DcHUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9OC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--681e9f5b-28b4-4634-8fbf-8eae4400a321", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.487Z", "modified": "2020-09-30T16:28:04.487Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVhZHNEZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEJVmFsdWU9NDAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--646c8d2e-d4d0-4906-b650-60291abc9efa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.508Z", "modified": "2020-09-30T16:28:04.508Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVhZHNEZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEyCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--f7f2874d-05fb-46a5-a518-135c7ced84e7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.530Z", "modified": "2020-09-30T16:28:04.530Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVxdWVzdFNpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEJVmFsdWU9MjIuMTQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--6fa0c321-ba04-4f2f-a475-6c62d7d901c7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.550Z", "modified": "2020-09-30T16:28:04.550Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVhZHNEZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGExCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--76d726ed-67f5-4843-bc76-ed9875594f8b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.571Z", "modified": "2020-09-30T16:28:04.571Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVxdWVzdFNpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEyCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--2cb63d96-eb30-468b-b8f7-87e2b10e4ec7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.591Z", "modified": "2020-09-30T16:28:04.591Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UQ1BFc3RhYmxpc2hlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PW5ldHN0YXQJVmFsdWU9NjM3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--36952254-9682-41dc-9ed2-38d5e46405f3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.612Z", "modified": "2020-09-30T16:28:04.612Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MaXN0ZW5Db25uZWN0aW9ucwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PW5ldHN0YXQJVmFsdWU9NTkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--9be43f06-a186-4099-ba3a-13430e9faed8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.631Z", "modified": "2020-09-30T16:28:04.631Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVxdWVzdFNpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGExCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--a137074a-5694-47ef-bdaf-9c6171d97c9a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.649Z", "modified": "2020-09-30T16:28:04.649Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEzMzk0MTU1Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--47ade0b6-1c85-41eb-be96-3b115eeede8f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.667Z", "modified": "2020-09-30T16:28:04.667Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--568d8c37-3d11-42b6-840b-a3bcdad41a4f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.683Z", "modified": "2020-09-30T16:28:04.683Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3BzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhCVZhbHVlPTQuOAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--7a4d9420-e3fc-4876-9eee-3d4543be7b5d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.703Z", "modified": "2020-09-30T16:28:04.703Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1Td2FwVXRpbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMi40Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--91c9ab7b-38bb-45b8-a560-9585aa3c2da5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.719Z", "modified": "2020-09-30T16:28:04.719Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3BzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMglWYWx1ZT0zLjIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--cecc22e2-6762-41ec-b8a6-621f492aee53", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.736Z", "modified": "2020-09-30T16:28:04.736Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3BzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMQlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--7972a865-1637-46a2-9a38-8aa25c905e11", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.754Z", "modified": "2020-09-30T16:28:04.754Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1DUFUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9My45Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--1909b06e-2dcc-4bf3-bebf-34439b1c594d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.773Z", "modified": "2020-09-30T16:28:04.774Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UY3BUaW1lV2FpdENvbm5lY3Rpb25zCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9bmV0c3RhdAlWYWx1ZT0xNTMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--715e9b0d-c10a-412b-bee4-442efcdd90fc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.798Z", "modified": "2020-09-30T16:28:04.798Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--8247b2f3-a740-4090-9dcd-8f6a61ec26ef", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.827Z", "modified": "2020-09-30T16:28:04.827Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwODE5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--a7d95bdd-1ea0-4537-be17-951cb0cc1300", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.861Z", "modified": "2020-09-30T16:28:04.861Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yMDcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--ba6e438c-f1e1-4f21-98cf-714fce950f17", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.889Z", "modified": "2020-09-30T16:28:04.889Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTEwNDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--69c14cf6-e53d-4d37-9fde-b13706aa984d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.912Z", "modified": "2020-09-30T16:28:04.912Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--2b97ab35-9217-430f-881b-79fde674e6d9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.945Z", "modified": "2020-09-30T16:28:04.945Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc0NvcmVXcml0ZUlPCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwMDcuMDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--375e7b97-a216-435a-b511-cc47fb960ccf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.971Z", "modified": "2020-09-30T16:28:04.971Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrUmVjZWl2ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWxvCVZhbHVlPTQ0MS40OQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--bd435ca3-8ac6-43be-9953-13bd96aad83f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:04.993Z", "modified": "2020-09-30T16:28:04.993Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrUmVjZWl2ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWV0aDEJVmFsdWU9My42OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--a7f3d474-ebd9-4807-98fb-82572bf14132", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.015Z", "modified": "2020-09-30T16:28:05.015Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrUmVjZWl2ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWV0aDAJVmFsdWU9MTEuOTUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--ffd018b9-8da0-4557-b66d-ed901f164e3d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.036Z", "modified": "2020-09-30T16:28:05.036Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc0NvcmVSZWFkSU8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--61120f31-61aa-477e-a85e-21350266c0f3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.055Z", "modified": "2020-09-30T16:28:05.055Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMDUxMzgyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--6c62fd55-306c-4e45-8d21-51b4a1dd6f80", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.076Z", "modified": "2020-09-30T16:28:05.076Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1JZGxlQ3B1CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTg4LjA3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--f08fb692-0361-4270-87a3-00dbe4c037da", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.096Z", "modified": "2020-09-30T16:28:05.096Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--be5a271c-3c0c-4716-9b4c-cceb32ed979a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.117Z", "modified": "2020-09-30T16:28:05.117Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zMDM3MDYxMTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--6d625665-bd2b-43d9-9c0e-27bdcc20abdc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.137Z", "modified": "2020-09-30T16:28:05.137Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--408107ff-2c99-491d-826b-a519927d7003", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.158Z", "modified": "2020-09-30T16:28:05.158Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--051df5c3-684d-47bb-910a-1153de08b74e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.178Z", "modified": "2020-09-30T16:28:05.178Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzExMDY3Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--b50e23ab-72d2-45e0-af9d-3bf5fda7bc00", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.198Z", "modified": "2020-09-30T16:28:05.198Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QcmVwcm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9Q3B1VXRpbAlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--6bb880d2-3280-4e50-9735-f50d04c9ca7c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.217Z", "modified": "2020-09-30T16:28:05.217Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QcmVwcm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9UnVubmFibGVSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--704fe383-9994-49b1-a9c5-148c958cef30", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.236Z", "modified": "2020-09-30T16:28:05.236Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9OTQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--921d1535-42b4-48b7-a17c-6c3d61facd1b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.255Z", "modified": "2020-09-30T16:28:05.255Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QcmVwcm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9TmV3UmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--376bfa38-2693-4d61-891a-999ef11cdcb4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.274Z", "modified": "2020-09-30T16:28:05.274Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QcmVwcm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9V2FpdGluZ1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--f055b831-9e51-4171-be7c-ad1b37363664", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.292Z", "modified": "2020-09-30T16:28:05.292Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QcmVwcm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGVybWluYXRpbmdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--902d1be2-a337-48f2-8c75-d7f123a3e5c7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.311Z", "modified": "2020-09-30T16:28:05.311Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QcmVwcm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9QmxvY2tlZFJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--83ee20da-1566-414e-9a3c-165a63326b98", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.340Z", "modified": "2020-09-30T16:28:05.341Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QcmVwcm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGltZWRXYWl0UmF0aW8JVmFsdWU9MTAwLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--fd316396-0c24-4753-9b05-674f39520291", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.376Z", "modified": "2020-09-30T16:28:05.376Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM3NTc2ODg4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--06f68a8b-071c-4624-bf5e-0a2ff4fd6d2c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.402Z", "modified": "2020-09-30T16:28:05.402Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--7a8f10e5-ac36-42f8-8ea3-6c23377a62cb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.428Z", "modified": "2020-09-30T16:28:05.428Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE3OTg1MDUzMQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--dbdd7873-60b9-427b-ace8-bc8394405f9f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.458Z", "modified": "2020-09-30T16:28:05.458Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNTUwNDUyMjQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--3e671c2c-21fc-4884-9d39-74039188f107", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.488Z", "modified": "2020-09-30T16:28:05.488Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDA4NjA4NTE5NTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--9a6eaf96-e176-4898-88fb-f47ad295691a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.514Z", "modified": "2020-09-30T16:28:05.514Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xODQyNDAwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--34f901d7-ed9c-4b2d-a9c6-2a66c42917f2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.537Z", "modified": "2020-09-30T16:28:05.537Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02Mwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--01afe979-c2e6-4822-87c1-1add589bba42", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.565Z", "modified": "2020-09-30T16:28:05.565Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9OTcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--4d88a8bc-f659-4a69-a051-b6cc03e07c40", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.593Z", "modified": "2020-09-30T16:28:05.593Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--c910788e-700a-4bda-88fc-9bb779dad84a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.621Z", "modified": "2020-09-30T16:28:05.621Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQuNjY2MzY0NDA4MTI0MzkxRS00Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--af193acd-e28f-45a9-8ef2-47a073a89992", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.652Z", "modified": "2020-09-30T16:28:05.652Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMDg2MDg1MDcxMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--78549ee4-4ded-49f8-bb51-1812ee04e2ce", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.683Z", "modified": "2020-09-30T16:28:05.683Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--5d48c7d1-760b-4bc9-a06e-c27ac2be3041", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.707Z", "modified": "2020-09-30T16:28:05.707Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNTk5OTMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--a669463f-c264-4b57-a874-d31a08992531", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.732Z", "modified": "2020-09-30T16:28:05.732Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM3NTc2ODg4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--08d39753-227b-47ba-a6c6-fbe87484ce4a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.756Z", "modified": "2020-09-30T16:28:05.756Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--768a52aa-c6b7-41db-b614-cf829c6b6acd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.782Z", "modified": "2020-09-30T16:28:05.782Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE3OTg1MDUzMQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--99b2ca82-c955-46dc-951d-23c16f6118d9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.805Z", "modified": "2020-09-30T16:28:05.805Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--2a639f60-1306-4246-8b7d-3b4ea53145ef", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.827Z", "modified": "2020-09-30T16:28:05.827Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9OTQ0OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--db86bee9-0fa9-4a05-9b01-32aa13384a64", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.858Z", "modified": "2020-09-30T16:28:05.858Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFjY3VtdWxhdG9yCUNvbXBvbmVudE5hbWU9YWNjdW11bGF0b3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTkzNTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--b3904bb4-67d8-4582-a5f7-b282ef1cc310", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.879Z", "modified": "2020-09-30T16:28:05.879Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04OQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--62defeed-7543-4928-8a60-9820d7b2aaf9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.899Z", "modified": "2020-09-30T16:28:05.900Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgzMTEwNTczCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--04ff11a4-54bd-4cd8-9143-389bfc5573e5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.920Z", "modified": "2020-09-30T16:28:05.920Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dyZWdhdGlvblRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1DcHVVdGlsCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--70fd6586-c16a-4312-9961-93b356d630d7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.942Z", "modified": "2020-09-30T16:28:05.942Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dyZWdhdGlvblRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1UaW1lZFdhaXRSYXRpbwlWYWx1ZT0xMDAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--6e6f3405-c7a7-4941-9eee-497cf3802bee", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.962Z", "modified": "2020-09-30T16:28:05.962Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dyZWdhdGlvblRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1OZXdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--2b8d1b9c-7272-49c5-89d2-fab42e7af723", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:05.982Z", "modified": "2020-09-30T16:28:05.982Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dyZWdhdGlvblRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1SdW5uYWJsZVJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--c2d3416e-984b-4792-af02-bd9a04db9bce", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.001Z", "modified": "2020-09-30T16:28:06.001Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dyZWdhdGlvblRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1XYWl0aW5nUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--18991cf1-e4c2-42d9-84a5-c7c0a48d1021", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.020Z", "modified": "2020-09-30T16:28:06.020Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dyZWdhdGlvblRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1CbG9ja2VkUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--4540046a-b097-49ce-a565-a5c68791394a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.040Z", "modified": "2020-09-30T16:28:06.040Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--026baf13-f067-468e-82ad-21df836b9788", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.059Z", "modified": "2020-09-30T16:28:06.059Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hY2N1bXVsYXRvcglDb21wb25lbnROYW1lPWFjY3VtdWxhdG9yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00MTcwNzUyMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--8f2b7c20-bc1d-4d2a-8007-6facb2e7c4d1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.077Z", "modified": "2020-09-30T16:28:06.077Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1GbG93R292ZXJuZXJRdWV1ZVNwaWxsRmlsZXNDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--0e060411-8ff2-4d66-8d64-a67fa7772820", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.099Z", "modified": "2020-09-30T16:28:06.099Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTQzNTg1MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--204a7855-e476-45fd-aff1-e4348b390024", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.118Z", "modified": "2020-09-30T16:28:06.118Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dyZWdhdGlvblRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YWNjdW11bGF0b3IJQ29tcG9uZW50TmFtZT1hY2N1bXVsYXRvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1UZXJtaW5hdGluZ1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--c127c54d-8593-44f8-93c0-bc74f3fe0a43", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.136Z", "modified": "2020-09-30T16:28:06.136Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--f261650b-914c-4350-ab18-94e486742ddd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.155Z", "modified": "2020-09-30T16:28:06.155Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--115cd94a-3953-41b7-b363-a72da030dbfc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.173Z", "modified": "2020-09-30T16:28:06.173Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjA2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--c103da03-f0e6-45d0-bad2-21e4f2469665", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.192Z", "modified": "2020-09-30T16:28:06.192Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFBhcnNlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1DcHVVdGlsCVZhbHVlPTAuMzc1NTYzMDQ0OTk5OTk5OTMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--21caeb3c-aa3c-45cd-8365-36a0a93ffa94", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.209Z", "modified": "2020-09-30T16:28:06.209Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFBhcnNlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1SdW5uYWJsZVJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--97629bc2-c4f2-4894-a2e3-c14765cd38d1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.231Z", "modified": "2020-09-30T16:28:06.231Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFBhcnNlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1UZXJtaW5hdGluZ1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--074acc33-76b0-4f8a-8862-ba1c4759a038", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.249Z", "modified": "2020-09-30T16:28:06.249Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFBhcnNlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1OZXdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--bf2433ad-49cf-42ed-a937-afc1aa7d1f16", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.267Z", "modified": "2020-09-30T16:28:06.267Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFBhcnNlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1UaW1lZFdhaXRSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--541a19c6-beb4-4fc1-b6a1-50d324a2830d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.285Z", "modified": "2020-09-30T16:28:06.285Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFBhcnNlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1XYWl0aW5nUmF0aW8JVmFsdWU9MTAwLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--d6bbf8f9-2bc2-4910-8b0a-c071ef5e095d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.303Z", "modified": "2020-09-30T16:28:06.303Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--bba37331-5704-4bba-a455-297946c2d50c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.321Z", "modified": "2020-09-30T16:28:06.321Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFBhcnNlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1CbG9ja2VkUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--edc51a01-1fb3-4ee2-9bc2-cb637d0ef763", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.340Z", "modified": "2020-09-30T16:28:06.340Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQwNjM5NzE4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--0a3c1d00-91ab-49a9-9f9f-889851309f16", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.362Z", "modified": "2020-09-30T16:28:06.362Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db21wcmVzc2VkRXZlbnRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03MzE1Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--4934e851-45da-4508-8a7b-b0d9d5c208b9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.382Z", "modified": "2020-09-30T16:28:06.382Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FQ1RDUFRPRVBNYXhGaWxlQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTIzNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--9e3519eb-0aa0-415b-8dfc-931f0d3c9d11", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.400Z", "modified": "2020-09-30T16:28:06.400Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTIwOTcyMzM5Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--fadcdd81-ab6f-4057-a93e-205ef8df6499", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.421Z", "modified": "2020-09-30T16:28:06.421Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03ODU5NDcxMzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--1ad67c9f-7e05-4cdf-afc2-7305bef064ab", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.441Z", "modified": "2020-09-30T16:28:06.441Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1GbG93UmF0ZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00LjQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--6178697c-d74f-44d5-8031-1933e89d98ee", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.460Z", "modified": "2020-09-30T16:28:06.460Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODMwNTAyNzAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--d1a7861c-33d7-4407-b53f-2b5ef11d2ff6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.482Z", "modified": "2020-09-30T16:28:06.482Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--05fd82c1-cab7-401c-85ac-288af03168dc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.501Z", "modified": "2020-09-30T16:28:06.501Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yMzE0NjYwMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--34340fd3-2f1d-4edc-ad76-9588fd0054b3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.521Z", "modified": "2020-09-30T16:28:06.521Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT05Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--07d48a78-72b1-47d9-a402-89116e61c8b9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.540Z", "modified": "2020-09-30T16:28:06.540Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDA1NzYwNjgxOTU2MjI3MTY3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--ed8c2ed0-7c49-4375-8cf8-c59213f8d15c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.559Z", "modified": "2020-09-30T16:28:06.559Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--1abee023-170c-487e-9569-46617c2adac6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.577Z", "modified": "2020-09-30T16:28:06.577Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzA1MDI1Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--68edafdf-dabf-4620-a324-22d96407607f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.601Z", "modified": "2020-09-30T16:28:06.601Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FQ1RDUFRPRVBEaXNrU2l6ZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--e26e827f-0841-4c58-8e30-a693bee65f2a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.620Z", "modified": "2020-09-30T16:28:06.620Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--31d009eb-1f80-42fd-8f5f-c1299746cf51", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.638Z", "modified": "2020-09-30T16:28:06.638Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yMDUwMDc2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--63b1fb2a-580a-4b26-a110-40d0540c2620", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.656Z", "modified": "2020-09-30T16:28:06.656Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFJhdGUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTI5LjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--389fad30-e715-40ac-b1ea-f54d36417936", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.674Z", "modified": "2020-09-30T16:28:06.674Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQwNjM5NzE4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--966e23e6-2a1b-4fb1-a559-af06106b9db6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.692Z", "modified": "2020-09-30T16:28:06.692Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--fbc761e3-3e72-482b-9a78-aeff2c7bf900", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.710Z", "modified": "2020-09-30T16:28:06.710Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTIwOTcyMzM5Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--c6001b50-69bc-429a-8e43-9f57d8130ef6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.727Z", "modified": "2020-09-30T16:28:06.727Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--b42cbfc8-2e28-4403-bfda-49b19cafeeae", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.746Z", "modified": "2020-09-30T16:28:06.746Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEyMjk4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--e670356d-18e7-4af4-8577-bcd193f003af", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.766Z", "modified": "2020-09-30T16:28:06.766Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1GbG93R292ZXJuZXJRdWV1ZU1heEZpbGVDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--992a17dd-9027-4455-80b1-e3d4e26cc707", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.786Z", "modified": "2020-09-30T16:28:06.786Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--9c010daa-7fbe-4382-bb27-b597295cbb74", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.807Z", "modified": "2020-09-30T16:28:06.807Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTIzNTQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--8def1636-65f2-4441-ae0e-47c1c3960b85", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.828Z", "modified": "2020-09-30T16:28:06.828Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1GbG93R292ZXJuZXJRdWV1ZURpc2tTaXplCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--e4732f58-37a8-4f0f-8e7a-018d49766314", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.851Z", "modified": "2020-09-30T16:28:06.851Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FQ1RDUFRPRVBTcGlsbEZpbGVzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--778c88ec-50f5-4ef8-ae78-66e5aaa3541a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.873Z", "modified": "2020-09-30T16:28:06.873Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--49f878a6-e70b-4c5b-b3d6-2a92db9e427a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.894Z", "modified": "2020-09-30T16:28:06.894Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNDEzODQ5MDg4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--fe2765f4-2a26-403a-a971-5de70a19e5d9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.915Z", "modified": "2020-09-30T16:28:06.915Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxNDM1NjQ0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--c2ecdc8f-0f2a-414a-85c8-5fb890d40f5f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.934Z", "modified": "2020-09-30T16:28:06.934Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aGlzdG9yaWNhbF9jb3JyZWxhdGlvbl9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxNDcwNTU0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--cefce085-768f-4b9f-b108-5fbf6ef60f29", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.952Z", "modified": "2020-09-30T16:28:06.952Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhpc3RvcmljYWxfY29ycmVsYXRpb25fc2VydmVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--78cbfeae-7086-4aa2-80c1-0e0e7e28ae04", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.969Z", "modified": "2020-09-30T16:28:06.969Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aGlzdG9yaWNhbF9jb3JyZWxhdGlvbl9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--f6ed385f-d546-4896-a58b-752a2f68db98", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:06.989Z", "modified": "2020-09-30T16:28:06.989Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhpc3RvcmljYWxfY29ycmVsYXRpb25fc2VydmVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODM3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--c1b95e25-c301-4af3-89d4-5ee37e7e29aa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.007Z", "modified": "2020-09-30T16:28:07.007Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhpc3RvcmljYWxfY29ycmVsYXRpb25fc2VydmVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--cc1b479f-630e-4846-a6d7-01ec25eca8b0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.025Z", "modified": "2020-09-30T16:28:07.025Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aGlzdG9yaWNhbF9jb3JyZWxhdGlvbl9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01NQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--0ec8c5f3-2b7a-48fd-abc5-54e6c12f0306", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.043Z", "modified": "2020-09-30T16:28:07.043Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhpc3RvcmljYWxfY29ycmVsYXRpb25fc2VydmVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--fa9461ca-d165-4bbe-8a8c-9aa7f82da71d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.062Z", "modified": "2020-09-30T16:28:07.062Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhpc3RvcmljYWxfY29ycmVsYXRpb25fc2VydmVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTMxMDAyOQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--4c4c97ce-0fea-4386-ac0a-99245cdeea24", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.080Z", "modified": "2020-09-30T16:28:07.080Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aGlzdG9yaWNhbF9jb3JyZWxhdGlvbl9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMzEwMDExCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--db4af27e-e398-4dda-ada1-44f0d03442e8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.100Z", "modified": "2020-09-30T16:28:07.100Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTI1NDEwNjkyMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--0f7c4e1c-32ea-40e2-9c17-db43346a35d6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.118Z", "modified": "2020-09-30T16:28:07.118Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEyMzIxMDAwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--0e0e8d14-f6e9-4143-b494-b72a7a51483b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.136Z", "modified": "2020-09-30T16:28:07.136Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--ff72e68d-96aa-4043-855e-b387753fc6a3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.156Z", "modified": "2020-09-30T16:28:07.156Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--da723efb-c501-402c-8d21-ecbb94fbc03b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.174Z", "modified": "2020-09-30T16:28:07.174Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--910efd96-4d7f-4803-842b-f38ac216f3ce", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.192Z", "modified": "2020-09-30T16:28:07.192Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aGlzdG9yaWNhbF9jb3JyZWxhdGlvbl9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--07c4ec67-606f-40d3-8b45-6ea8e066559f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.211Z", "modified": "2020-09-30T16:28:07.211Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhpc3RvcmljYWxfY29ycmVsYXRpb25fc2VydmVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODM3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--72ab3bff-6c04-49ef-94aa-4a3d4493b0dd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.229Z", "modified": "2020-09-30T16:28:07.229Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM0MjU3NQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--6405a760-9992-44c5-b65f-99bd1ba71aab", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.246Z", "modified": "2020-09-30T16:28:07.247Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhpc3RvcmljYWxfY29ycmVsYXRpb25fc2VydmVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9My4wNDcxMTQxMDYwNTQ0NUUtNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--c06ae3fd-b068-4ca3-a187-422ac3b371e9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.264Z", "modified": "2020-09-30T16:28:07.264Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhpc3RvcmljYWxfY29ycmVsYXRpb25fc2VydmVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--a2f8d5d8-c060-4ece-bda5-216a509c86fb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.282Z", "modified": "2020-09-30T16:28:07.282Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--750c87c5-bfc0-406d-b1d5-a5474de64757", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.300Z", "modified": "2020-09-30T16:28:07.300Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aGlzdG9yaWNhbF9jb3JyZWxhdGlvbl9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--d228a707-4149-4c82-be5e-e09cb07f0abd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.320Z", "modified": "2020-09-30T16:28:07.320Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhpc3RvcmljYWxfY29ycmVsYXRpb25fc2VydmVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NzE1Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--d13a2c86-7b15-49f7-945c-db55f71510b3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.337Z", "modified": "2020-09-30T16:28:07.337Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aGlzdG9yaWNhbF9jb3JyZWxhdGlvbl9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03MTkzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--0eba9b0a-ed42-4396-b90c-4c098b602871", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.359Z", "modified": "2020-09-30T16:28:07.359Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODE0NzAzNDEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--7f4956a2-8a38-4ed3-9fac-9f2dce389714", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.377Z", "modified": "2020-09-30T16:28:07.377Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--149f9c28-7f6b-411f-b610-b7bb2dc019fb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.395Z", "modified": "2020-09-30T16:28:07.395Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTMyNDYzNjY3Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--2f3713cf-f55a-41a8-8645-eb52efbfc88b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.414Z", "modified": "2020-09-30T16:28:07.414Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db25zb2xlRXZlbnRGVFNMYXN0SW5kZXhUaW1lCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01NAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--54af4e3a-8ea4-43a0-b916-cd67a5580b1d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.432Z", "modified": "2020-09-30T16:28:07.432Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db25zb2xlRmxvd0ZUU0xhc3RJbmRleFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJpZWxfcHJveHlfc2VydmVyCUNvbXBvbmVudE5hbWU9YXJpZWxfcHJveHkJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--d796f96a-1963-42cb-9762-c8af262c3042", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.450Z", "modified": "2020-09-30T16:28:07.450Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1oaXN0b3JpY2FsX2NvcnJlbGF0aW9uX3NlcnZlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTUyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--cc8869a2-eb43-42df-92de-59ede7539269", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.468Z", "modified": "2020-09-30T16:28:07.468Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Xb3JrZXJUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVRpbWVkV2FpdFJhdGlvCVZhbHVlPTY2LjY2NjY2NjY2NjY2NjY2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--08517dc8-cdcd-4b7f-a2d7-b49fd7b11980", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.486Z", "modified": "2020-09-30T16:28:07.486Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Xb3JrZXJUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVJ1bm5hYmxlUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--83e8a9b1-109b-4b8d-9837-40ed363848f4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.505Z", "modified": "2020-09-30T16:28:07.505Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Xb3JrZXJUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PUNwdVV0aWwJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--29149e0d-36c2-46ef-b879-6ec69fa6ed08", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.522Z", "modified": "2020-09-30T16:28:07.522Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Xb3JrZXJUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PU5ld1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--6156ae31-3de9-43fb-b6a1-fa2b7a31ede6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.540Z", "modified": "2020-09-30T16:28:07.540Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Xb3JrZXJUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVRlcm1pbmF0aW5nUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--1a3500aa-95ed-464c-a5e6-2d22a9fff131", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.558Z", "modified": "2020-09-30T16:28:07.558Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Xb3JrZXJUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVdhaXRpbmdSYXRpbwlWYWx1ZT0zMy4zMzMzMzMzMzMzMzMzMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--d936f713-3200-4771-8024-e4b599c00011", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.575Z", "modified": "2020-09-30T16:28:07.575Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJpZWxfcHJveHlfc2VydmVyCUNvbXBvbmVudE5hbWU9YXJpZWxfcHJveHkJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODEyNjg0OTkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--86d6d5c6-09e7-45f0-90c4-3229f3b0a246", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.595Z", "modified": "2020-09-30T16:28:07.595Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Xb3JrZXJUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PUJsb2NrZWRSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--0cb279fb-edc6-401e-b04b-a8fa7b09fb7c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.614Z", "modified": "2020-09-30T16:28:07.614Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1SdW5uaW5nU29ydHMJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJpZWxfcHJveHlfc2VydmVyCUNvbXBvbmVudE5hbWU9YXJpZWxfcHJveHkJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--c3134901-aa2d-4621-8c49-fee17ce4dcf8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.633Z", "modified": "2020-09-30T16:28:07.633Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--41c9792a-bc2d-4b06-98cd-f865571c1913", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.650Z", "modified": "2020-09-30T16:28:07.650Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1PcGVuQ3Vyc29ycwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjI3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--dd93f49b-41df-4b88-a53d-b5133b9fec7c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.671Z", "modified": "2020-09-30T16:28:07.671Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--9a8c76bc-eba8-45f0-8698-a2fadafcc6c3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.689Z", "modified": "2020-09-30T16:28:07.689Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJpZWxfcHJveHlfc2VydmVyCUNvbXBvbmVudE5hbWU9YXJpZWxfcHJveHkJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--5c1bffbf-15a5-415e-8f42-32ee405933b5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.708Z", "modified": "2020-09-30T16:28:07.708Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dPdXRUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PUNwdVV0aWwJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--f8db0ac7-92fd-4fd1-a864-976fdcc5602f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.726Z", "modified": "2020-09-30T16:28:07.726Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJpZWxfcHJveHlfc2VydmVyCUNvbXBvbmVudE5hbWU9YXJpZWxfcHJveHkJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--a27284f2-4029-4ad9-9a07-5b031fe7e907", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.746Z", "modified": "2020-09-30T16:28:07.746Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dPdXRUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVJ1bm5hYmxlUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--8017fa81-d930-4a10-b32c-5a22c20adc5b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.764Z", "modified": "2020-09-30T16:28:07.764Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dPdXRUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PU5ld1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--6d3992b1-4862-4fea-b835-d573a8e04a7e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.783Z", "modified": "2020-09-30T16:28:07.783Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNzQ0MDc4ODkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--e4739fea-6608-4df8-8065-822828c77162", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.801Z", "modified": "2020-09-30T16:28:07.801Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dPdXRUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVRpbWVkV2FpdFJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--f352ab5c-cdc5-4b3b-8d98-c0a1595e9e54", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.819Z", "modified": "2020-09-30T16:28:07.819Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dPdXRUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVRlcm1pbmF0aW5nUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.764Z", "last_observed": "2020-09-30T16:26:00.764Z", "number_observed": 1 }, { "id": "observed-data--02c7418f-9418-48c4-a74a-894dc4deeb3a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.836Z", "modified": "2020-09-30T16:28:07.836Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dPdXRUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PUJsb2NrZWRSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.764Z", "last_observed": "2020-09-30T16:26:00.764Z", "number_observed": 1 }, { "id": "observed-data--ee5d08ff-a046-4a7a-99b5-7a7c4084463a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.860Z", "modified": "2020-09-30T16:28:07.860Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc0NvcmVDUFUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--bea8f496-e0eb-47c5-b2a3-ad568e5fa484", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.915Z", "modified": "2020-09-30T16:28:07.915Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyODY1MDk2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.864Z", "last_observed": "2020-09-30T16:26:00.864Z", "number_observed": 1 }, { "id": "observed-data--46809c57-ab84-4d9a-9e6d-9ce0849031aa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.935Z", "modified": "2020-09-30T16:28:07.935Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BZ2dPdXRUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVdhaXRpbmdSYXRpbwlWYWx1ZT0xMDAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.763Z", "last_observed": "2020-09-30T16:26:00.763Z", "number_observed": 1 }, { "id": "observed-data--1c4ddea2-4b5d-43d2-b373-d6be88408637", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.954Z", "modified": "2020-09-30T16:28:07.954Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NDM1NzY5OTUyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.864Z", "last_observed": "2020-09-30T16:26:00.864Z", "number_observed": 1 }, { "id": "observed-data--260fdf26-3f3d-4ef4-99b1-f34c953262e1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.973Z", "modified": "2020-09-30T16:28:07.973Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNzk4NTA1MzEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.864Z", "last_observed": "2020-09-30T16:26:00.864Z", "number_observed": 1 }, { "id": "observed-data--188a14ee-a384-4b5f-96f8-503435024ffe", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:07.991Z", "modified": "2020-09-30T16:28:07.991Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjM0NDMwMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.864Z", "last_observed": "2020-09-30T16:26:00.864Z", "number_observed": 1 }, { "id": "observed-data--5174aac7-2754-46fb-b9cd-ad8b0a101cd4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.009Z", "modified": "2020-09-30T16:28:08.009Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.864Z", "last_observed": "2020-09-30T16:26:00.864Z", "number_observed": 1 }, { "id": "observed-data--3998c060-696c-473c-a006-f448511b662b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.027Z", "modified": "2020-09-30T16:28:08.027Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTM2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.864Z", "last_observed": "2020-09-30T16:26:00.864Z", "number_observed": 1 }, { "id": "observed-data--e113ead1-4595-4c0a-85f2-1f0b382fe334", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.044Z", "modified": "2020-09-30T16:28:08.044Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.864Z", "last_observed": "2020-09-30T16:26:00.864Z", "number_observed": 1 }, { "id": "observed-data--2fb8fe5e-9aac-4e0f-b60e-9cb7f0acdf34", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.064Z", "modified": "2020-09-30T16:28:08.064Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJpZWxfcHJveHlfc2VydmVyCUNvbXBvbmVudE5hbWU9YXJpZWxfcHJveHkJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODI4NjUwNTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.864Z", "last_observed": "2020-09-30T16:26:00.864Z", "number_observed": 1 }, { "id": "observed-data--60863468-cbd0-43cb-9f4d-8aa8ac32ff23", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.082Z", "modified": "2020-09-30T16:28:08.082Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJpZWxfcHJveHlfc2VydmVyCUNvbXBvbmVudE5hbWU9YXJpZWxfcHJveHkJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQ1MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.864Z", "last_observed": "2020-09-30T16:26:00.864Z", "number_observed": 1 }, { "id": "observed-data--76b31dff-2993-4217-94c5-cefa4eae3a28", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.102Z", "modified": "2020-09-30T16:28:08.102Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNzQ0MDc4ODkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.864Z", "last_observed": "2020-09-30T16:26:00.864Z", "number_observed": 1 }, { "id": "observed-data--b4a70901-db6f-478c-bfdb-75abf71d93da", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.120Z", "modified": "2020-09-30T16:28:08.120Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJpZWxfcHJveHlfc2VydmVyCUNvbXBvbmVudE5hbWU9YXJpZWxfcHJveHkJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.865Z", "last_observed": "2020-09-30T16:26:00.865Z", "number_observed": 1 }, { "id": "observed-data--f577cc0c-d483-4ea1-9103-3593a478d5b4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.138Z", "modified": "2020-09-30T16:28:08.138Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1SdW5uaW5nUXVlcmllcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.865Z", "last_observed": "2020-09-30T16:26:00.865Z", "number_observed": 1 }, { "id": "observed-data--25eddf6e-2c08-4bdc-aa3f-15107a60478e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.157Z", "modified": "2020-09-30T16:28:08.157Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01Ljg3MDgzMDQzMzg1MDkwMUUtNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.864Z", "last_observed": "2020-09-30T16:26:00.864Z", "number_observed": 1 }, { "id": "observed-data--ccbff466-3d92-4947-ad7a-4e2880c90502", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.174Z", "modified": "2020-09-30T16:28:08.174Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMTc5OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.865Z", "last_observed": "2020-09-30T16:26:00.865Z", "number_observed": 1 }, { "id": "observed-data--95d2a30b-53ae-45b6-8f05-31fdd69db89f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.192Z", "modified": "2020-09-30T16:28:08.192Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJpZWxfcHJveHlfc2VydmVyCUNvbXBvbmVudE5hbWU9YXJpZWxfcHJveHkJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjAwIC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEyMjQ4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.865Z", "last_observed": "2020-09-30T16:26:00.865Z", "number_observed": 1 }, { "id": "observed-data--dd400201-26b9-42c4-9514-d4ccb8192103", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.210Z", "modified": "2020-09-30T16:28:08.210Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Mzc1MzMzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.865Z", "last_observed": "2020-09-30T16:26:00.865Z", "number_observed": 1 }, { "id": "observed-data--457067a7-d8ac-4987-8124-5d569b770728", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.227Z", "modified": "2020-09-30T16:28:08.227Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyaWVsX3Byb3h5X3NlcnZlcglDb21wb25lbnROYW1lPWFyaWVsX3Byb3h5CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowMCAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNzk4NTA1MzEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.865Z", "last_observed": "2020-09-30T16:26:00.865Z", "number_observed": 1 }, { "id": "observed-data--b6ff459f-155f-447a-beb1-cee220040a1e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.247Z", "modified": "2020-09-30T16:28:08.247Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTEyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.865Z", "last_observed": "2020-09-30T16:26:00.865Z", "number_observed": 1 }, { "id": "observed-data--72d6163b-b062-4dfc-b850-f39b778af4c9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.265Z", "modified": "2020-09-30T16:28:08.265Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTUzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.865Z", "last_observed": "2020-09-30T16:26:00.865Z", "number_observed": 1 }, { "id": "observed-data--494609f9-623a-4198-9770-8378f3a75b32", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.283Z", "modified": "2020-09-30T16:28:08.283Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.865Z", "last_observed": "2020-09-30T16:26:00.865Z", "number_observed": 1 }, { "id": "observed-data--3d8f4068-1e6f-4c3f-acb8-dc7f60b9b684", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.301Z", "modified": "2020-09-30T16:28:08.301Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTEwNjUzMDMwNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.865Z", "last_observed": "2020-09-30T16:26:00.865Z", "number_observed": 1 }, { "id": "observed-data--444d1cb4-9813-4b53-8278-2a207b4c5df8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.318Z", "modified": "2020-09-30T16:28:08.318Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAwIDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmllbF9wcm94eV9zZXJ2ZXIJQ29tcG9uZW50TmFtZT1hcmllbF9wcm94eQlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDAgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTI2ODM4Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:00.865Z", "last_observed": "2020-09-30T16:26:00.865Z", "number_observed": 1 }, { "id": "observed-data--025606b2-f9e8-4e0b-8098-fc8024803e79", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.336Z", "modified": "2020-09-30T16:28:08.336Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAyIDEyNy4wLjAuMSAgW0Fzc2V0UHJvZmlsZXJMb2dUaW1lcl0gY29tLnExbGFicy5hc3NldHByb2ZpbGUudGltZXJ0YXNrLkFzc2V0UGVyc2lzdGVuY2VMb2dUaW1lclRhc2s6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1Bc3NldCBQZXJzaXN0ZW5jZSAtIEFzc2V0cyBzZWVuIHdpdGggdG9vIG1hbnkgb3BlbiBwb3J0cyAobGFzdCBtaW51dGUpOiBOb25lCg==" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:02.202Z", "last_observed": "2020-09-30T16:26:02.202Z", "number_observed": 1 }, { "id": "observed-data--2aa38209-e2ed-4ed9-9c05-0ee47d75543f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.357Z", "modified": "2020-09-30T16:28:08.357Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjAyIDEyNy4wLjAuMSAgW0Fzc2V0UHJvZmlsZXJMb2dUaW1lcl0gY29tLnExbGFicy5hc3NldHByb2ZpbGUudGltZXJ0YXNrLkFzc2V0UGVyc2lzdGVuY2VMb2dUaW1lclRhc2s6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1Bc3NldCBQZXJzaXN0ZW5jZSBTdGF0aXN0aWNzIC0gTGFzdCA2MCBzZWNvbmRzIChjb3VudC90aW1lKTogW1RPVEFMOiAwLzAuMDAwc2VjXQo=" } }, "x_ibm_ariel": { "event_name": "Information Message", "qid": 38750003, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 65, "device_type": 147, "log_source_type_name": "System Notification", "log_source_name": "System Notification-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:02.202Z", "last_observed": "2020-09-30T16:26:02.202Z", "number_observed": 1 }, { "id": "observed-data--3659300c-0e79-4cd5-ba57-d5215d1a2e1d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.377Z", "modified": "2020-09-30T16:28:08.377Z", "objects": { "0": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "MjAwOS0wNS0xOCAxOTo1MzozMCA1NSA5NS4xNzkuMTg2LjU3IGp0dW1icmlkZ2UgR0dDXFByb3h5JTIwLSUyMFN0YW5kYXJkIC0gT0JTRVJWRUQgIlNwb3J0cy9SZWNyZWF0aW9uIiBodHRwOi8vd3d3LnVhdGlibXRldC5jb20vIDIwMCBUQ1BfUkVGUkVTSF9NSVNTIEdFVCB0ZXh0L2h0bWwgaHR0cCBtc24uZm94c3BvcnRzLmNvbSA4MCAvd2lkZ2V0L3NlY3Rpb25mcm9udC9hbGVydCA/Y2F0ZWdvcnlJZD01Nzc2IC0gIk1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDYuMDsgV2luZG93cyBOVCA1LjE7IFNWMTsgSW5mb1BhdGguMTsgLk5FVCBDTFIgMS4xLjQzMjI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy4wLjA0NTA2LjMwOyAuTkVUIENMUiAzLjAuMDQ1MDYuNjQ4KSIgMTcyLjE2LjEuMzUgMzE2IDc1NiAtCg==" } }, "x_ibm_ariel": { "event_name": "Unknown DataSecure system event", "qid": 87250052, "category_name": "Unknown", "category_id": 10001, "high_level_category_name": "Unknown", "high_level_category_id": 10000, "log_source_id": 71, "device_type": 341, "log_source_type_name": "SafeNet DataSecure/KeySecure", "log_source_name": "SafeNet DataSecure\\/KeySecure @ 127.0.0.1", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 4, "credibility": 5, "relevance": 1, "geographic": "other", "cre_event_list": [ "100090", "100205", "100211", "100207", "100555", "100249", "100246", "100355" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "Source Address is a Bogon IP", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks", "userNameAdmin" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:25:55.725Z", "last_observed": "2020-09-30T16:26:55.725Z", "number_observed": 1 }, { "id": "observed-data--fae1f8e5-27dc-4c60-a53b-fbc396437668", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.395Z", "modified": "2020-09-30T16:28:08.395Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTI5MDkxMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--94328330-8174-41dc-bb40-cfc9afe8fc68", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.415Z", "modified": "2020-09-30T16:28:08.415Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVJ1bm5hYmxlUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--e420b084-9c2b-4089-ae1a-f9ff4609cf7c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.434Z", "modified": "2020-09-30T16:28:08.434Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PUNwdVV0aWwJVmFsdWU9MC4wNTk5MzUyMzk5OTk5OTk5OTQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--44f5fdbe-2fea-4be1-bf06-d14ce24a1bbb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.452Z", "modified": "2020-09-30T16:28:08.452Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVRpbWVkV2FpdFJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--8e774f35-07ca-437a-b415-a2d0ef5780f4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.469Z", "modified": "2020-09-30T16:28:08.469Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PUJsb2NrZWRSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--43fa818c-00db-4864-aa8d-197cbb25d4ce", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.487Z", "modified": "2020-09-30T16:28:08.487Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVdhaXRpbmdSYXRpbwlWYWx1ZT0xMDAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--dfd50c4c-b99d-4300-9544-b51e80f9f96c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.505Z", "modified": "2020-09-30T16:28:08.505Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--d8de2c88-d9f6-4df5-862e-b842d43f540f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.523Z", "modified": "2020-09-30T16:28:08.523Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjU5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--d7bde644-3d36-4d60-a49f-00d0f1e105b5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.541Z", "modified": "2020-09-30T16:28:08.541Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--b8725240-8e24-45e1-ad30-14da0860aba2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.559Z", "modified": "2020-09-30T16:28:08.559Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DdXJyZW50SG9zdHNUcmFja2luZ0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--de30e6ee-f09d-49d9-b243-bac51e230b00", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.576Z", "modified": "2020-09-30T16:28:08.576Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudFJhdGVFUE1vbglEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMjIuNzgzMzMzMzMzMzMzMzMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--ac6ab87c-3331-4c65-96c7-f54ebbf0852e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.598Z", "modified": "2020-09-30T16:28:08.598Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PVRlcm1pbmF0aW5nUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--dbdcf1f9-1117-442b-acfb-5851cc9f8392", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.618Z", "modified": "2020-09-30T16:28:08.618Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1FdmVudHNJbmRleGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PU5ld1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--401ad76f-ed4c-4350-abc5-137d6332fed0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.636Z", "modified": "2020-09-30T16:28:08.636Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1SdW5uYWJsZVJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--8fcea09f-cd63-46a5-87d4-8a9019f1c003", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.654Z", "modified": "2020-09-30T16:28:08.654Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1UaW1lZFdhaXRSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--d0b07459-8ce9-4910-ac72-008e69215685", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.671Z", "modified": "2020-09-30T16:28:08.671Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1DcHVVdGlsCVZhbHVlPTAuMDkzODI4Mjg2NjY2NjY2NjYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--33e36288-3f5f-43df-b5f0-d1131446339d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.688Z", "modified": "2020-09-30T16:28:08.688Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1UZXJtaW5hdGluZ1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--2025d67d-f228-4f92-9135-459c58bc59c2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.706Z", "modified": "2020-09-30T16:28:08.706Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1XYWl0aW5nUmF0aW8JVmFsdWU9MTAwLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--016be311-cbe2-4e61-8c45-b4da3010d63a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.724Z", "modified": "2020-09-30T16:28:08.724Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--c7dc1b80-a37f-45e5-b827-ccd2b04873e8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.742Z", "modified": "2020-09-30T16:28:08.742Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1CbG9ja2VkUmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--d00f6821-5754-4b06-9869-c49d41e4b756", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.760Z", "modified": "2020-09-30T16:28:08.760Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVRdWV1ZVNpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--f0cbbb1b-7784-40bb-bbff-c54f34945174", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.779Z", "modified": "2020-09-30T16:28:08.779Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTU5MTE3NTY4MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--bcd110f7-b4db-4d8f-9b84-bd31420c1a72", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.798Z", "modified": "2020-09-30T16:28:08.798Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1BcmllbFdyaXRlclRocmVhZEluZm8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD1OZXdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--279cbb62-e87e-425c-9feb-323b91e7052a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.816Z", "modified": "2020-09-30T16:28:08.816Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03MTkwMjUyODAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--f73104c8-5fe2-49ba-a999-527abe39dce6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.833Z", "modified": "2020-09-30T16:28:08.833Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTcxMzc2ODg3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--f9191fb3-aab6-4a40-ab6f-96388779d9f0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.854Z", "modified": "2020-09-30T16:28:08.854Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzA4NTc3MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--3557fe9c-100c-4e4c-8700-8efcde848773", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.873Z", "modified": "2020-09-30T16:28:08.873Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMDcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--997791c0-0823-450d-b92e-3a3c76694ef9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.891Z", "modified": "2020-09-30T16:28:08.891Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zMTc1NDEwMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--83f73a06-6e5f-483d-9ff3-495e1eb6d3e8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.908Z", "modified": "2020-09-30T16:28:08.908Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDA3OTQ3NzQwMDc4MDg3NTE0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--95645b3d-7355-4620-bfd6-0574adcfe229", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.925Z", "modified": "2020-09-30T16:28:08.926Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXdBbmRVcGRhdGVkSG9zdHNDb3VudEN1cnJlbnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--48e33d57-df93-4db3-be3e-5b5344e62716", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.946Z", "modified": "2020-09-30T16:28:08.946Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODMwODU3ODYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--49367dcb-5e2a-4a49-9fdb-ccffafa56489", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.964Z", "modified": "2020-09-30T16:28:08.964Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTc2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--eec9b742-34f5-48b5-8e46-2d225c2b08e3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:08.982Z", "modified": "2020-09-30T16:28:08.982Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTcxMzc2ODg3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--ea82f21f-6dca-4e1c-ab0d-9252a679cdaf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.000Z", "modified": "2020-09-30T16:28:09.000Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9Q3B1VXRpbAlWYWx1ZT0wLjU2MjU5NjAzNQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--00f50375-f403-4043-881d-3b39dbc8eea4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.018Z", "modified": "2020-09-30T16:28:09.018Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--7cb33bb5-b9e0-4b2a-a98b-4ce59fc84aea", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.036Z", "modified": "2020-09-30T16:28:09.036Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9UnVubmFibGVSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--b5745fba-2d06-47b0-9cea-570a3f56e01e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.054Z", "modified": "2020-09-30T16:28:09.054Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--97a42c3d-3f33-4368-b812-46c41b4d1d4b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.071Z", "modified": "2020-09-30T16:28:09.071Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9TmV3UmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--46b9b6b1-24d2-4625-ad6c-735d2d473c83", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.089Z", "modified": "2020-09-30T16:28:09.089Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--2daabbe6-e47f-460a-89f7-e290f537f6d9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.112Z", "modified": "2020-09-30T16:28:09.112Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9V2FpdGluZ1JhdGlvCVZhbHVlPTEwMC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--36475a7a-385e-4691-baeb-eee741913989", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.131Z", "modified": "2020-09-30T16:28:09.131Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9QmxvY2tlZFJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--15a7bb1f-5617-4d96-9f14-63bfe9ad5043", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.149Z", "modified": "2020-09-30T16:28:09.149Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00NDE2MjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--70b5b99f-7d21-497e-bc0f-05844a10c803", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.167Z", "modified": "2020-09-30T16:28:09.167Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTU5MTE3NTY4MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--db2d573c-e788-44a3-ae31-85caddc3ccf6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.185Z", "modified": "2020-09-30T16:28:09.185Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGVybWluYXRpbmdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--26aa4992-937d-4447-bb12-33054ec3678b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.202Z", "modified": "2020-09-30T16:28:09.202Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEyMDQxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--57855fae-b074-4872-a38c-3404510dd9e8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.220Z", "modified": "2020-09-30T16:28:09.220Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0UmVwb3J0U3RvcHdhdGNoVHhUaW1lTXMJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--643425ad-9376-4329-93bc-736c4b6d0631", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.237Z", "modified": "2020-09-30T16:28:09.237Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zOTQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--2233d1a0-8793-499b-bffd-5d2e5c302e46", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.255Z", "modified": "2020-09-30T16:28:09.255Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OdW1BcHBzUmVwb3J0ZWRJbkxhc3RSZXBvcnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--f7fae496-8d96-4df2-a484-58e7e992524d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.273Z", "modified": "2020-09-30T16:28:09.273Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVwCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTIyMTcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--01a00f71-ecbc-4679-a771-63e9c3ba1d11", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.293Z", "modified": "2020-09-30T16:28:09.293Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNTQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--5023b513-7601-4912-b79f-edaa9b6f01c0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.311Z", "modified": "2020-09-30T16:28:09.311Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjkwNzgyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--9558c3ad-a148-4ef8-8eef-e10d47caa388", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.329Z", "modified": "2020-09-30T16:28:09.329Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNTA4NDgzMDcyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--b2811a83-ffa1-47e3-bb24-2c0252b06c26", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.348Z", "modified": "2020-09-30T16:28:09.348Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0UmVwb3J0aW5nVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyNDIyNDM2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--028ea9c8-b3de-40ac-9274-30d148c91e1f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.368Z", "modified": "2020-09-30T16:28:09.368Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZXAJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--90e90bfd-b89f-4be2-b267-27f801d06874", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.386Z", "modified": "2020-09-30T16:28:09.386Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjYxMzQwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--c0c40e2f-7ce3-4137-808d-d23142a26207", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.404Z", "modified": "2020-09-30T16:28:09.404Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--cd32271f-f4c3-41ef-8073-86c0c7b8a911", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.421Z", "modified": "2020-09-30T16:28:09.421Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyTWF4RmlsZUNvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjUwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--d3a43407-f154-4d3c-adc8-fbeab8bdf397", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.439Z", "modified": "2020-09-30T16:28:09.439Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zODIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--ad3ec851-6d00-43dc-8ff5-bcbb1800d687", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.456Z", "modified": "2020-09-30T16:28:09.456Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0f4e8582-71f3-42e7-b81f-398290cc11aa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.477Z", "modified": "2020-09-30T16:28:09.477Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyRGlza1NpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--d7528145-b6a9-4a04-871c-d908f1cbad09", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.499Z", "modified": "2020-09-30T16:28:09.499Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTM1OTkwNDQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--c9317d42-a936-4ed4-88a6-2e7111f99e8d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.518Z", "modified": "2020-09-30T16:28:09.518Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1JbmdyZXNzVG9FY0Rpc2tTaXplCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--c17a9df5-edfe-4d3d-b306-1d84a112def3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.536Z", "modified": "2020-09-30T16:28:09.536Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--cd8534b2-7486-4c2e-b1dc-cf8350a39419", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.554Z", "modified": "2020-09-30T16:28:09.554Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTA2OTYyOTQ0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--95ad89fb-86f1-4e5a-841e-a98e49c52f78", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.571Z", "modified": "2020-09-30T16:28:09.571Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9TmV3UmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--19a7f948-ebd7-4ce9-94cc-b8d7c6f2d5c8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.589Z", "modified": "2020-09-30T16:28:09.589Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9UnVubmFibGVSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--472a91f9-73f7-470b-b728-3dbd9ddd7312", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.611Z", "modified": "2020-09-30T16:28:09.611Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGltZWRXYWl0UmF0aW8JVmFsdWU9MTAwLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--831e59ab-16e2-474c-a7a4-ccd0252d47d3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.630Z", "modified": "2020-09-30T16:28:09.630Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyU3BpbGxGaWxlc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--2ac367e0-8a38-402c-8dc2-2fc1bbd69f37", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.650Z", "modified": "2020-09-30T16:28:09.650Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGVybWluYXRpbmdSYXRpbwlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--495934ab-f187-4c31-8363-e6bd3eb604f7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.668Z", "modified": "2020-09-30T16:28:09.668Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9Q3B1VXRpbAlWYWx1ZT0wLjAxMDU0NTY0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--f61a93a9-f222-459f-8d74-e3c4aae1417d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.685Z", "modified": "2020-09-30T16:28:09.685Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgzMTEwNTMzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--e493014e-1aab-4d9e-bd00-6f26aa2dbafa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.703Z", "modified": "2020-09-30T16:28:09.703Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9QmxvY2tlZFJhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0bb6181d-502d-418c-8b93-1a0d7131e1de", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.721Z", "modified": "2020-09-30T16:28:09.721Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1RdWV1ZWRFdmVudFRocm90dGxlRmlsdGVyVGhyZWFkSW5mbwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9V2FpdGluZ1JhdGlvCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--c15c90d3-6644-4132-9860-7fb04e31e429", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.739Z", "modified": "2020-09-30T16:28:09.739Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwNzMzMjQzMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--a44635bc-5cec-4fa5-8fcd-13f26e8eac65", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.756Z", "modified": "2020-09-30T16:28:09.756Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0f4ee702-a43f-4700-b920-f73945de5007", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.776Z", "modified": "2020-09-30T16:28:09.776Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzExMDU0NAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--d92d575e-3e6d-4305-b4aa-2020386161ed", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.794Z", "modified": "2020-09-30T16:28:09.794Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wMDI4ODA1MTk4OTQzMzc1MjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--563f0e0f-522d-43db-b7c0-54764e76d2ec", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.813Z", "modified": "2020-09-30T16:28:09.813Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--66320822-3ea9-49e7-90c5-dfbf7de783f1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.833Z", "modified": "2020-09-30T16:28:09.833Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--6b6109d7-5096-47be-adfd-d98115b9712f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.854Z", "modified": "2020-09-30T16:28:09.854Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--03142e9d-818b-4222-b0e0-5c5c9a6d8984", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.873Z", "modified": "2020-09-30T16:28:09.873Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTM1OTkwNDQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--d7c63b64-a8f4-4178-8e25-5218e4f29f0d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.892Z", "modified": "2020-09-30T16:28:09.892Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTExNTU3NDAwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0cdd8f9d-45c8-437f-8a7b-67524ce84ed9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.910Z", "modified": "2020-09-30T16:28:09.910Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE4ODY3OTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--bc1a2c64-b2e9-4067-ba39-2f5ac816cc33", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.928Z", "modified": "2020-09-30T16:28:09.928Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--c951683e-68fd-4a1d-9b04-99fec18d7ea7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.946Z", "modified": "2020-09-30T16:28:09.946Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTA2OTYyOTQ0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--b0cbf8c6-9f00-409b-a37b-5bd1c4a78f2d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.964Z", "modified": "2020-09-30T16:28:09.964Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--c8346259-e817-4ece-83b3-a063bc78e972", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.981Z", "modified": "2020-09-30T16:28:09.981Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--b7982470-d34e-453b-acab-5496bbb037af", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:09.999Z", "modified": "2020-09-30T16:28:09.999Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lYy1pbmdyZXNzCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODIxNgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--a4513fb5-329c-4c76-9a4a-85ceb2ead0d3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.019Z", "modified": "2020-09-30T16:28:10.019Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQ5NTgyODk5Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--b48cf760-500a-4b01-8657-186ca01a6a4b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.036Z", "modified": "2020-09-30T16:28:10.036Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--7484bd5d-d684-4878-bd24-840f22905fde", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.054Z", "modified": "2020-09-30T16:28:10.054Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9ZWNzLWVjLWluZ3Jlc3MJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04Mjg4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--2845ce85-d639-43ec-9bf1-9b4251e08b40", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.072Z", "modified": "2020-09-30T16:28:10.072Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjQ1MzA5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--6bf26ae6-d38d-4cf5-98e2-d1157c5bc16e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.090Z", "modified": "2020-09-30T16:28:10.090Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODEyNjEyNjYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--6c389890-72b2-4e01-838b-296525586fe9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.113Z", "modified": "2020-09-30T16:28:10.113Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--2fd6a673-4566-4865-93cc-d8890afb206f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.132Z", "modified": "2020-09-30T16:28:10.132Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1JbmdyZXNzVG9FY1NwaWxsRmlsZXNDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1lY3MtZWMtaW5ncmVzcwlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--85414b82-5daa-4443-8d9a-19f1220e22fa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.150Z", "modified": "2020-09-30T16:28:10.150Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1DUkVQUm9jZXNzb3JUaHJlYWRJbmZvCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWVjcy1lcAlDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9VGltZWRXYWl0UmF0aW8JVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.768Z", "last_observed": "2020-09-30T16:26:05.768Z", "number_observed": 1 }, { "id": "observed-data--c6768307-fdce-48c1-877d-4c1b1ccf6913", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.168Z", "modified": "2020-09-30T16:28:10.168Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--49ac8b38-0122-4738-81fa-cc85e4226a95", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.188Z", "modified": "2020-09-30T16:28:10.188Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTQwNjA3NDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0b6546b2-55f6-4310-a178-c9d18aa42ce9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.206Z", "modified": "2020-09-30T16:28:10.206Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0165b9a4-e836-4cc3-8788-3fd51320fc09", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.226Z", "modified": "2020-09-30T16:28:10.226Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTc5ODUwNTMxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--bb2c3bde-9dfa-4983-b3ec-83034b4f5a97", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.244Z", "modified": "2020-09-30T16:28:10.244Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4Mjg2MDA5MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--531bfe7a-2e55-4d5c-92ba-5e6a83162d9b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.262Z", "modified": "2020-09-30T16:28:10.262Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--d7048619-af24-44ae-9566-8377fd3e82a8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.279Z", "modified": "2020-09-30T16:28:10.279Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--64661b71-f2e3-41e2-bf8a-81e94b944a10", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.296Z", "modified": "2020-09-30T16:28:10.296Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTExMzA2NDk5Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--fb1c4272-9541-439e-896b-a7ad613dceef", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.315Z", "modified": "2020-09-30T16:28:10.315Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyODYwMDY3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--1c046955-a673-476b-8c82-7cd5e7b15ccd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.333Z", "modified": "2020-09-30T16:28:10.333Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE0MDA3MDAwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--959b6111-9c0c-490b-8c4b-f03b9859e71a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.356Z", "modified": "2020-09-30T16:28:10.356Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTQwNjA3NDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--f5ffd779-9363-4f03-9d37-2d436cc6f197", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.375Z", "modified": "2020-09-30T16:28:10.375Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--84a12acc-7bfc-42df-b6f1-4bde9ae940b2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.393Z", "modified": "2020-09-30T16:28:10.393Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTYwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--9f6d960d-0c67-4a54-bdac-a96de31c9c6e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.412Z", "modified": "2020-09-30T16:28:10.412Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9My41Njc5NDYxOTkzNzEzNzNFLTQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--ee334267-8e3f-4023-afd7-c3a59eef8867", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.430Z", "modified": "2020-09-30T16:28:10.430Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--b19f1e70-8100-4bc2-a016-2e1d280e790c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.448Z", "modified": "2020-09-30T16:28:10.448Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM0NDE3MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0d4dd8b0-06eb-40d9-9077-a4327118aa0d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.466Z", "modified": "2020-09-30T16:28:10.466Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTc5ODUwNTMxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--77dfb2d1-7c67-4ecb-a7a3-cf224ce38661", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.483Z", "modified": "2020-09-30T16:28:10.483Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04NTU0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--f3195d65-5184-4cab-be59-244b73ebdc05", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.501Z", "modified": "2020-09-30T16:28:10.501Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXJjX2J1aWxkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--c4162917-a9a6-4796-8bf9-f1ab17d5d595", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.519Z", "modified": "2020-09-30T16:28:10.519Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFyY19idWlsZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODUwMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--46086202-8859-41b9-987b-ceaeeafc5a76", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.538Z", "modified": "2020-09-30T16:28:10.538Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODEyNDUyNDgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--db951a9e-cff0-46a6-ada8-9be79a702a55", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.557Z", "modified": "2020-09-30T16:28:10.557Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTQxODE3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--c4177529-d76d-45cc-949a-9999858bf6a8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.575Z", "modified": "2020-09-30T16:28:10.575Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTMxNTM1OTIzMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--a5a31e19-22b5-4f86-9b7f-15f15b36ffdc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.592Z", "modified": "2020-09-30T16:28:10.592Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTg3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--fa1203cb-2cd0-4eb6-bb60-0e1c7299810e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.614Z", "modified": "2020-09-30T16:28:10.615Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0c6739d6-36f5-420a-821f-2d926d1078f0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.633Z", "modified": "2020-09-30T16:28:10.633Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hcmNfYnVpbGRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--e195094f-e3b3-4edc-8092-343de2cf7ec6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.651Z", "modified": "2020-09-30T16:28:10.651Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0cdeab10-556c-48d6-bcf1-d0a45b9cea97", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.669Z", "modified": "2020-09-30T16:28:10.669Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--6d660a45-cd09-4dd5-a7bb-e8c60d25adc8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.686Z", "modified": "2020-09-30T16:28:10.686Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTMyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--98bc1149-2cdd-4a67-ac86-d23eb0b3ea55", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.705Z", "modified": "2020-09-30T16:28:10.705Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--fb05b633-0a20-4835-96df-d5f37adb1440", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.724Z", "modified": "2020-09-30T16:28:10.724Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--11f3df30-8b43-4a35-9abe-b3b32a916d50", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.742Z", "modified": "2020-09-30T16:28:10.742Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMTE4NDIxMTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--1f0871a9-9642-492f-873b-70e4708ec408", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.761Z", "modified": "2020-09-30T16:28:10.761Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgzNzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--7c8657f3-54c3-4979-a592-cbeb6443baf8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.778Z", "modified": "2020-09-30T16:28:10.778Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODMxMTU0NjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--22c5e1fb-bc5e-44c3-bb7a-cc0a931f4c15", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.796Z", "modified": "2020-09-30T16:28:10.796Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzExNTQ0Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--9a0c29c1-1065-41c8-8de6-48f75bec851c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.814Z", "modified": "2020-09-30T16:28:10.814Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--1a44aea8-5647-462c-a89f-01f7576c77b6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.832Z", "modified": "2020-09-30T16:28:10.832Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00MTA0OTAwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--a7bb219b-7a96-4b4e-8507-48e13caae074", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.851Z", "modified": "2020-09-30T16:28:10.851Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NzkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--db1f18fd-1453-45bd-92ba-dfa0e1a1746b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.872Z", "modified": "2020-09-30T16:28:10.872Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01NAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--52353199-e430-4368-8448-86d721635b46", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.892Z", "modified": "2020-09-30T16:28:10.892Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNTgyOTcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--7ef44760-93c1-496e-9535-b49d14504466", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.910Z", "modified": "2020-09-30T16:28:10.910Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--a0b5f603-8255-4c78-a201-e005d0c1d93a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.928Z", "modified": "2020-09-30T16:28:10.928Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDAxMDMwMTg3NzQ3Mjk4ODQ4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--934b8f79-13d4-4968-8832-7f379682a0f7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.946Z", "modified": "2020-09-30T16:28:10.946Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0596ecf1-d5fd-43eb-ac51-65bdb6347114", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.964Z", "modified": "2020-09-30T16:28:10.964Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgzNzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--3ea369e1-9963-409f-851f-fc760cf4d04d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:10.982Z", "modified": "2020-09-30T16:28:10.982Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--1caede0e-94ff-4803-8069-b6fd488f9d21", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.000Z", "modified": "2020-09-30T16:28:11.001Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--33b6f324-c59f-447b-9ddf-c2b93d02c36a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.019Z", "modified": "2020-09-30T16:28:11.019Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxNDE4MDE2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--e52a064d-cc7a-4403-bb6c-b64411def83e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.036Z", "modified": "2020-09-30T16:28:11.036Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cXZtcHJvY2Vzc29yCUNvbXBvbmVudE5hbWU9SUJNVnVsbmVyYWJpbGl0eVByb2Nlc3NvcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTA5MzAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--47d0b962-a92e-4dab-9275-85f318076f80", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.055Z", "modified": "2020-09-30T16:28:11.055Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXF2bXByb2Nlc3NvcglDb21wb25lbnROYW1lPUlCTVZ1bG5lcmFiaWxpdHlQcm9jZXNzb3IJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwODUxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--2ced2e42-ab8f-47bc-ac13-880869b1a102", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.078Z", "modified": "2020-09-30T16:28:11.078Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--3eb90953-6be2-47be-a7d3-7e797cbe312b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.097Z", "modified": "2020-09-30T16:28:11.097Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0399ac25-0585-441e-a8c1-e8dc2fc31654", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.117Z", "modified": "2020-09-30T16:28:11.117Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNzI0MDg1NzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--a9a6ce97-e587-4622-bb5a-c272ba2df965", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.136Z", "modified": "2020-09-30T16:28:11.136Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTI2NDE1Mwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--f46bc674-5000-4064-a4f7-42b5a2466142", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.155Z", "modified": "2020-09-30T16:28:11.155Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--2753e440-0006-46ae-9fba-a7760363caf4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.173Z", "modified": "2020-09-30T16:28:11.173Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1xdm1wcm9jZXNzb3IJQ29tcG9uZW50TmFtZT1JQk1WdWxuZXJhYmlsaXR5UHJvY2Vzc29yCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--e6dfc136-b623-4d75-b067-053979fd8e80", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.191Z", "modified": "2020-09-30T16:28:11.191Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NjkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--aae8534c-b090-498e-8bcf-72f3c508df37", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.209Z", "modified": "2020-09-30T16:28:11.209Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--82702c6e-717f-47ba-83d7-2921afcf1b6e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.228Z", "modified": "2020-09-30T16:28:11.228Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgzNzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--cb802e70-6d68-4ea3-98ae-63dbd311462e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.248Z", "modified": "2020-09-30T16:28:11.248Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--2b8ace9a-246b-4fa3-8597-ead37139451a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.266Z", "modified": "2020-09-30T16:28:11.266Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--739e296a-e6d5-4fe6-9d7d-7d50638811ec", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.283Z", "modified": "2020-09-30T16:28:11.283Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODI5NjUwNDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--f8b5af58-44b8-4c42-885c-7221fa7d7ced", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.301Z", "modified": "2020-09-30T16:28:11.301Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03OTI0MjIwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--f499543e-82d1-450a-8269-e3f477eafc35", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.319Z", "modified": "2020-09-30T16:28:11.319Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNDE4NTAwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--b3bf9aa6-572f-46ee-aa84-f1982774d4d2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.336Z", "modified": "2020-09-30T16:28:11.336Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--b08867d9-8628-4bc3-8766-c00b87a2df67", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.356Z", "modified": "2020-09-30T16:28:11.356Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4Mjk2NTAzMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--3027f9a4-50ee-4f66-af3a-ca9150c9ca69", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.374Z", "modified": "2020-09-30T16:28:11.374Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTMuNTYzMzI3MzE5MjEwNzY2RS00Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--96571b44-104f-481f-959f-5a363e2448b5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.392Z", "modified": "2020-09-30T16:28:11.392Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgzNzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--9167265b-7b1a-44d1-8e3e-3961689bd0df", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.410Z", "modified": "2020-09-30T16:28:11.410Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MzkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--f459e5c5-1288-4ea3-a1ad-a74857e7fd81", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.430Z", "modified": "2020-09-30T16:28:11.430Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--313ee2b6-6e01-4ad2-9c0c-6ba1f72fcef0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.447Z", "modified": "2020-09-30T16:28:11.447Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--e8cf6e4d-2e03-4b73-9d1e-5a2410cf4bae", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.465Z", "modified": "2020-09-30T16:28:11.465Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--c6169fc7-6d40-4c12-9fe4-055a9df28adb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.484Z", "modified": "2020-09-30T16:28:11.484Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--55ca0ec1-6d95-4862-bf25-0554bb15f91e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.501Z", "modified": "2020-09-30T16:28:11.501Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXZpcwlDb21wb25lbnROYW1lPXZpczAJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTcyOTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0705dee4-e1b8-45c4-bd9b-0f07e9cbe0cb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.519Z", "modified": "2020-09-30T16:28:11.519Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--b54d4619-1e09-44a4-93a4-81818c8def52", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.537Z", "modified": "2020-09-30T16:28:11.537Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dmlzCUNvbXBvbmVudE5hbWU9dmlzMAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NzMyOQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--fd554832-1d11-4fb0-9713-e1571fcc4d6a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.554Z", "modified": "2020-09-30T16:28:11.554Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNDI1ODkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--c159233e-1704-4190-83d1-0ad8cdc5bb2b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.572Z", "modified": "2020-09-30T16:28:11.572Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE1OTk5NTQ4MDcyNDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--131d5dca-9819-4ecb-b4e5-fde0aa20cde9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.589Z", "modified": "2020-09-30T16:28:11.589Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--b136fc5f-a922-47d3-a627-e93a6dfe3b45", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.613Z", "modified": "2020-09-30T16:28:11.613Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjY0MTAzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--e03b5d98-e5a4-42dd-9a4f-ac78d87400ae", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.631Z", "modified": "2020-09-30T16:28:11.631Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT12aXMJQ29tcG9uZW50TmFtZT12aXMwCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xOTY1ODM0MjQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--aaa808f7-9e52-4900-b4b4-286874fe3451", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.649Z", "modified": "2020-09-30T16:28:11.649Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--1f78bdba-b18f-4f26-b748-ada3be86a772", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.667Z", "modified": "2020-09-30T16:28:11.667Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--4e8a44bd-98e6-4f2d-b89b-16a95e6b7658", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.685Z", "modified": "2020-09-30T16:28:11.685Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFVwZGF0ZVJlc29sdXRpb25NYW5hZ2VyU3BpbGxGaWxlc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--6c35e9ed-b7a4-4958-a4b1-b459b28e6a5b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.703Z", "modified": "2020-09-30T16:28:11.703Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVTbmFwc2hvdEVsZW1lbnRDb3VudE9uRGlzawlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--970b6b9a-703b-469c-97df-227077cea320", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.721Z", "modified": "2020-09-30T16:28:11.721Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVTbmFwc2hvdFNwaWxsb3ZlclRocmVzaG9sZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTUwMDAwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--212ceb46-1151-41d6-bb8b-50b58a42975a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.739Z", "modified": "2020-09-30T16:28:11.739Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--4464d817-9a6d-49e4-988c-a304a9fa7adc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.758Z", "modified": "2020-09-30T16:28:11.758Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMzEyNTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--495fac07-b000-42ac-ad17-21dac359a425", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.778Z", "modified": "2020-09-30T16:28:11.778Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJUb3BUaWVyU3BpbGxGaWxlc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--541a58e1-18f2-422a-8399-059889b7e6a6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.797Z", "modified": "2020-09-30T16:28:11.797Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyODg1MDMxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--3b0084c4-9961-47f6-9d7a-addad7aadbe0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.814Z", "modified": "2020-09-30T16:28:11.814Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMjU4MzMyMTYwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--746c5b0c-3e53-4e14-90e2-eaf944895f3b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.831Z", "modified": "2020-09-30T16:28:11.831Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTQyMDQ4NjA4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--78f7fa9e-1556-438a-8d4e-cfb93196a93d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.849Z", "modified": "2020-09-30T16:28:11.849Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0e60c67f-fbc6-44c8-afe2-23bf46ca814d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.871Z", "modified": "2020-09-30T16:28:11.871Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODI4ODUwMTgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--7be9a666-2c9e-410b-8045-5c602bf82a56", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.890Z", "modified": "2020-09-30T16:28:11.890Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--30081dbb-8ad9-417d-bd98-36af4173e1aa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.909Z", "modified": "2020-09-30T16:28:11.909Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJCb3R0b21UaWVyU3BpbGxGaWxlc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--36c93371-20a3-447e-ba14-1b17069956b0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.929Z", "modified": "2020-09-30T16:28:11.929Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--1f182470-b0a1-4353-a304-7f818c4f085c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.950Z", "modified": "2020-09-30T16:28:11.950Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NDgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--c49baba3-f8ec-4e59-860d-edc8c269ba92", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.969Z", "modified": "2020-09-30T16:28:11.969Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTkyMDEwMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--5324c9be-8509-4a82-9953-6f2d06040677", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:11.987Z", "modified": "2020-09-30T16:28:11.987Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--83bff4a0-2586-45f2-a5bd-1235c2e79302", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.005Z", "modified": "2020-09-30T16:28:12.005Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00Ljk4NTE3NjU4MDcwNDEwMkUtNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--155585ab-3006-4c5c-b11b-0db975d39122", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.023Z", "modified": "2020-09-30T16:28:12.023Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMzEyNTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--fec1e644-1213-4330-81bf-0e1bcd2d01d8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.041Z", "modified": "2020-09-30T16:28:12.041Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MzQyOTIwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--8263f07b-7b78-4ce9-8786-56888fcc0fc2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.059Z", "modified": "2020-09-30T16:28:12.059Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJUb3BUaWVyTWF4RmlsZUNvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--6809dfa2-7832-4824-8083-05eb6c88d541", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.077Z", "modified": "2020-09-30T16:28:12.077Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFVwZGF0ZVJlc29sdXRpb25NYW5hZ2VyTkVsZW1lbnRzT25EaXNrCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--13ca50c1-83a9-4288-81d1-53ef3914e75b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.095Z", "modified": "2020-09-30T16:28:12.095Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--35ca115b-d29d-4cc2-81fb-3c450e99fc7a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.116Z", "modified": "2020-09-30T16:28:12.116Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFVwZGF0ZVJlc29sdXRpb25NYW5hZ2VyTWF4RmlsZUNvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--618634e4-4608-41b2-b44a-ac506f85de87", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.137Z", "modified": "2020-09-30T16:28:12.137Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MzgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--9e305e47-05b2-435c-af08-2e914a0e2a41", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.156Z", "modified": "2020-09-30T16:28:12.156Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9OTkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--fe514b9c-1a28-4a0c-bbdd-768e4cd5e0a9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.174Z", "modified": "2020-09-30T16:28:12.174Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMjU4MzMyMTYwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--cc5d5685-d357-4f2d-a969-006dda9832a8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.191Z", "modified": "2020-09-30T16:28:12.191Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVTbmFwc2hvdEVsZW1lbnRDb3VudEluTWVtb3J5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--7f7603cf-1ca4-4d2d-96cb-debdf748c8e2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.210Z", "modified": "2020-09-30T16:28:12.210Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9YXNzZXRwcm9maWxlcglDb21wb25lbnROYW1lPWFzc2V0cHJvZmlsZXIJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTkxNjcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--71f92b56-1494-4500-9ada-1a2087888dba", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.228Z", "modified": "2020-09-30T16:28:12.228Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT05MTY3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--1103cda2-9219-4a7a-860c-c1ed7b0b194d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.246Z", "modified": "2020-09-30T16:28:12.246Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJUb3BUaWVyTkVsZW1lbnRzT25EaXNrCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--324d2f86-df51-4d3d-ba50-288ea62d62ff", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.264Z", "modified": "2020-09-30T16:28:12.264Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTU5OTk1NDgwNzI0Mwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--cabc1193-c53c-4b7a-82b6-be3d864fd0ed", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.281Z", "modified": "2020-09-30T16:28:12.281Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--9678cf86-9280-4f37-80a0-eb1ea5460b20", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.301Z", "modified": "2020-09-30T16:28:12.301Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJCb3R0b21UaWVyTWF4RmlsZUNvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--ee3bd6c1-7a1f-4685-8b63-3decd80a70b0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.319Z", "modified": "2020-09-30T16:28:12.319Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjY5OTA4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--a817d2f4-5df3-410a-9e99-abd42c745bba", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.337Z", "modified": "2020-09-30T16:28:12.337Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Bc3NldFByb2ZpbGVQZXJzaXN0ZXJCb3R0b21UaWVyTkVsZW1lbnRzT25EaXNrCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWFzc2V0cHJvZmlsZXIJQ29tcG9uZW50TmFtZT1hc3NldHByb2ZpbGVyCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--52293efc-ba35-4e92-8b56-cf86b3aa6bd6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.357Z", "modified": "2020-09-30T16:28:12.357Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1hc3NldHByb2ZpbGVyCUNvbXBvbmVudE5hbWU9YXNzZXRwcm9maWxlcglkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTgyODcwMDE2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--56e08cac-3397-4d74-8556-2d14cc9f0e43", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.376Z", "modified": "2020-09-30T16:28:12.376Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--77522db5-4e6a-4d7b-9c73-e9a94d3f0593", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.394Z", "modified": "2020-09-30T16:28:12.394Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--3edc1816-a327-4a89-816c-3a3d39f2b193", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.412Z", "modified": "2020-09-30T16:28:12.412Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--e9d3abe2-2290-4668-9255-b3813ab3c711", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.430Z", "modified": "2020-09-30T16:28:12.430Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub21jYXRDUFVVc2FnZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDAxMjYwOTY2MTcyNDg1NjkyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--bf575467-3ca4-4956-9916-1e6677455da5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.448Z", "modified": "2020-09-30T16:28:12.448Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NjE2MTUzOTUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--1883019a-5da3-4cbd-8642-de527a45ed44", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.465Z", "modified": "2020-09-30T16:28:12.465Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zMDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--a38a379e-9b07-4a41-bd8c-d96388b86bcf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.484Z", "modified": "2020-09-30T16:28:12.484Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgyNzYyODczCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--86e240ad-b35c-4117-a1fe-4b6bd890c8da", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.502Z", "modified": "2020-09-30T16:28:12.502Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4Mjc2MjkxMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--a5749760-ba5a-4dd6-9739-1a2c98f1bd31", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.521Z", "modified": "2020-09-30T16:28:12.521Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Mjc2NTkzNjIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--a64f9370-1dff-4c8a-8e70-a37360199cee", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.539Z", "modified": "2020-09-30T16:28:12.539Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTExNTQ2OTk2OTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--04f8d3f0-5cd7-4bb6-b6be-0f13bb89d8be", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.557Z", "modified": "2020-09-30T16:28:12.557Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTI2Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--8d0b21ea-5d7f-4a9f-b988-b693551d4c43", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.574Z", "modified": "2020-09-30T16:28:12.574Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--5a52e7f2-e230-4b9a-8f76-f59342f34566", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.592Z", "modified": "2020-09-30T16:28:12.592Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMzg4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--c11bc926-3c5a-4e1f-9c49-19fba30045b3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.614Z", "modified": "2020-09-30T16:28:12.614Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTU0NTExMDAwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0a6f5ea1-2d92-4d39-a464-f57129f5055b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.632Z", "modified": "2020-09-30T16:28:12.632Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wMjQ1MDk0MDQ0MTU1MDkzNDQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--4c8e5166-fb9c-4da3-8bb5-f279fe2769ac", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.650Z", "modified": "2020-09-30T16:28:12.650Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--004c7c64-03d9-4bac-a345-2ea368ddc9b8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.671Z", "modified": "2020-09-30T16:28:12.671Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--634fbbfe-3f13-40fd-90f6-a12528c6f2a8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.693Z", "modified": "2020-09-30T16:28:12.693Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub21jYXRTZXNzaW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--5bbb593b-544f-4f92-99d9-8521638a74f0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.723Z", "modified": "2020-09-30T16:28:12.723Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQ2MDY3MQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0d46dd02-26fa-4e12-a6e1-d66a77238bdf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.746Z", "modified": "2020-09-30T16:28:12.746Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NjE2MTUzOTUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--100b5196-0698-4d57-8e97-49c40120eab3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.767Z", "modified": "2020-09-30T16:28:12.767Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Mjc2NTkzNjIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--aa9b6f34-304c-4d4e-bd5f-baf18016e746", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.789Z", "modified": "2020-09-30T16:28:12.789Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE0OQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--b5b4eb31-fc19-4600-b55f-fc4bcb7d7ef4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.810Z", "modified": "2020-09-30T16:28:12.810Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9dG9tY2F0CUNvbXBvbmVudE5hbWU9dG9tY2F0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNzg1MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--1742add4-0176-4fde-ab5d-0f36f90b1fa2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.829Z", "modified": "2020-09-30T16:28:12.829Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODEyNjk1MjYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--27ce20b5-d2db-47d4-b574-f0e4e0d620c7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.849Z", "modified": "2020-09-30T16:28:12.849Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE1MTAwMTQ5NzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--35373545-0457-47bc-ab73-e994dcf36359", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.873Z", "modified": "2020-09-30T16:28:12.873Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXRvbWNhdAlDb21wb25lbnROYW1lPXRvbWNhdAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjY0NjIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--c0004240-457e-4105-b79b-4bdbea13e510", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.891Z", "modified": "2020-09-30T16:28:12.892Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTI5Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--eac25008-d135-4e24-ae8d-5d6cf132aa52", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.911Z", "modified": "2020-09-30T16:28:12.911Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--df763ee2-98fd-43a2-8777-b1637cb7b09d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.931Z", "modified": "2020-09-30T16:28:12.931Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT10b21jYXQJQ29tcG9uZW50TmFtZT10b21jYXQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--61555e3f-15f9-4606-a6de-15f3e9f834f0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.951Z", "modified": "2020-09-30T16:28:12.951Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--b8a79084-0543-4525-8b3a-3d5ad9e2d003", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.971Z", "modified": "2020-09-30T16:28:12.971Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMzE3NzkzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0defd6d8-5bd4-4cdd-a61a-53e4da14c9d1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:12.990Z", "modified": "2020-09-30T16:28:12.990Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODM3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--3242447e-08db-4057-8965-11de1b1c4c28", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.009Z", "modified": "2020-09-30T16:28:13.009Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--cdbd2650-5970-4d6f-b17f-447041bbf7c0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.028Z", "modified": "2020-09-30T16:28:13.028Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT01Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--2f2cbe2f-311d-47d2-b8d6-2f49b84362fe", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.046Z", "modified": "2020-09-30T16:28:13.046Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--a8523388-f43c-4d78-a998-fd35fe56c4a4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.065Z", "modified": "2020-09-30T16:28:13.065Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ3OTc2MDA0NQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--2e47bbc6-e0c3-48d1-b4b2-b565c5797d11", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.081Z", "modified": "2020-09-30T16:28:13.081Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE3NTM1NTQ2NAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0d9f7c58-7090-452f-bd23-0b84d9f0b9fb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.097Z", "modified": "2020-09-30T16:28:13.097Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--ea51ba3b-5b1e-4944-bd58-e108945587c5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.114Z", "modified": "2020-09-30T16:28:13.114Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--b02c6dca-bdd1-4292-a530-3876cd20f96c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.131Z", "modified": "2020-09-30T16:28:13.131Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDc5NzYwMDMzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--812327f6-d427-4f9f-b8c9-4e583a0c639f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.147Z", "modified": "2020-09-30T16:28:13.147Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9Mi43Mjc1NTY0ODkxMDg0OTE3RS00Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--64cef344-7dcd-4cbb-be3e-2715952c748b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.163Z", "modified": "2020-09-30T16:28:13.163Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--e7348d11-12e0-41ba-a829-c6ac483ef8b2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.179Z", "modified": "2020-09-30T16:28:13.179Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwNzUwMDAwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--e449ac6c-21a2-4dd1-a88e-eee07b949d65", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.194Z", "modified": "2020-09-30T16:28:13.194Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0a0aac5f-503b-4ab1-b03a-90726d6048a8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.214Z", "modified": "2020-09-30T16:28:13.214Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODM3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--75c776c3-6107-4159-96d0-96196d878dc6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.243Z", "modified": "2020-09-30T16:28:13.243Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--48508813-6a89-42bd-b467-3205232a96b1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.268Z", "modified": "2020-09-30T16:28:13.268Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTM0NTk4MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--f6a163e2-d648-4d12-95d7-221ef764af10", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.294Z", "modified": "2020-09-30T16:28:13.294Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--b29ab824-c4a3-4164-ac4b-cbddf902f79d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.319Z", "modified": "2020-09-30T16:28:13.319Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTUzCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--b43a8b08-1875-4699-80dc-416741253be6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.342Z", "modified": "2020-09-30T16:28:13.342Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPW9mZmxpbmVfZm9yd2FyZGVyCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NzU5NQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--5ef5dce9-aeee-4da0-bb6b-a17d6c617e3c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.366Z", "modified": "2020-09-30T16:28:13.366Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--887d3bce-3cbe-4ce7-9d78-51c2483cad67", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.388Z", "modified": "2020-09-30T16:28:13.388Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9b2ZmbGluZV9mb3J3YXJkZXIJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03NjMyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--b393366f-00ff-4b6d-a92f-d868f1d6bad3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.410Z", "modified": "2020-09-30T16:28:13.410Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODEzMTc2NzkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--1504d579-cb15-4863-a2a3-8c2126b4f795", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.432Z", "modified": "2020-09-30T16:28:13.432Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTI2MTQ1MTc3Ngo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--950e700f-8e80-4397-b343-2400dcb36f9d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.457Z", "modified": "2020-09-30T16:28:13.457Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--0735a238-f4de-4dfe-ad9e-97fbf2842831", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.477Z", "modified": "2020-09-30T16:28:13.477Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTI5MTA0Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--446032c6-6aeb-4151-a560-4a525c359736", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.499Z", "modified": "2020-09-30T16:28:13.499Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1vZmZsaW5lX2ZvcndhcmRlcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--f08ac20a-344a-4929-b341-88799abb77f6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.519Z", "modified": "2020-09-30T16:28:13.519Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--d5e5b584-8df4-44b7-98ec-829b410cd7de", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.542Z", "modified": "2020-09-30T16:28:13.542Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--55bd4f17-e662-4da1-afe3-9b14efc35741", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.563Z", "modified": "2020-09-30T16:28:13.563Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODMxMzUwMTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--4bea2bc2-d107-4c51-b52c-820fddfd8da5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.584Z", "modified": "2020-09-30T16:28:13.584Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--a4845895-db50-4cb6-b7ac-269eed370eea", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.605Z", "modified": "2020-09-30T16:28:13.605Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgyMTE3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--7534f0c6-6f00-4dbf-8d63-28c910ae0db8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.625Z", "modified": "2020-09-30T16:28:13.625Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT03MTM4MTI4OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--42cfde99-484a-4e72-a4f8-b2d2f6f47b8e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.651Z", "modified": "2020-09-30T16:28:13.651Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzEzNTAwOAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--15eed816-fd3a-4ed5-a247-643a6a1415b2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.671Z", "modified": "2020-09-30T16:28:13.671Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMjU5MjAwMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--02bbf72e-9f4f-4b62-b020-82037ab17e02", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.691Z", "modified": "2020-09-30T16:28:13.691Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.769Z", "last_observed": "2020-09-30T16:26:05.769Z", "number_observed": 1 }, { "id": "observed-data--8cda703f-f8d6-4866-ba25-0bb646161a3a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.711Z", "modified": "2020-09-30T16:28:13.711Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--fa5e4113-399e-44d4-919c-7d9b2c575cc9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.733Z", "modified": "2020-09-30T16:28:13.733Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MzUxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--07f49002-3ed8-45a7-856a-23da7b91ea2c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.753Z", "modified": "2020-09-30T16:28:13.753Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTMuMTQ3NTkwMDMzMjE0MTEzRS00Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--b74e76a3-c508-463f-825e-6b64b03b0315", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.774Z", "modified": "2020-09-30T16:28:13.774Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTgyMTE3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--0eda788d-44fd-413b-a0af-f659095ce2cf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.794Z", "modified": "2020-09-30T16:28:13.794Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--f534a73b-f38b-49dd-81af-e2b28f02e6fd", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.813Z", "modified": "2020-09-30T16:28:13.813Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--c9a25f94-81f5-4203-8fd4-8be14b231f62", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.834Z", "modified": "2020-09-30T16:28:13.834Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--0f9ce37f-57a6-4a2d-b160-4b193d3d6747", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.857Z", "modified": "2020-09-30T16:28:13.857Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0zNTgxNDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--d558985f-bf30-4897-aa99-487b5edaef8f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.877Z", "modified": "2020-09-30T16:28:13.877Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--1249910b-eb0a-4d57-883b-674eef6cc08f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.897Z", "modified": "2020-09-30T16:28:13.897Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9cmVwb3J0aW5nX2V4ZWN1dG9yCUNvbXBvbmVudE5hbWU9bnVsbAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9ODgyNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--23de2aec-2e9f-491e-95c8-6121f16a34e7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.917Z", "modified": "2020-09-30T16:28:13.917Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--d19db543-51a2-45b8-916a-e3c1c802aecc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.937Z", "modified": "2020-09-30T16:28:13.937Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPXJlcG9ydGluZ19leGVjdXRvcglDb21wb25lbnROYW1lPW51bGwJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTg0NzMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--2ea4f625-9e5e-4f33-b2d2-00b93aaacdfa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.958Z", "modified": "2020-09-30T16:28:13.958Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMjkwOTE5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--1be1ab7c-f3de-4e53-a020-55052d15d4b2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.977Z", "modified": "2020-09-30T16:28:13.977Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudE1hcHBlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--bd0a754d-d5da-499c-8f2f-2d193f34ad44", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:13.997Z", "modified": "2020-09-30T16:28:13.997Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02OQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--926ce42b-a249-4ca5-a4ef-11b7a146cf45", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.018Z", "modified": "2020-09-30T16:28:14.018Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXRpbGl6YXRpb25EZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEJVmFsdWU9MC42Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--f16ddca3-d371-4857-bd15-9ccd816e4128", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.040Z", "modified": "2020-09-30T16:28:14.040Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXRpbGl6YXRpb25EZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEyCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--7eb028c3-6658-47c9-a1e2-3bcc7b16ab75", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.060Z", "modified": "2020-09-30T16:28:14.060Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MTA1MTQ3Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--8ee35d4e-9d53-45a4-bf43-0c2665f47f33", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.081Z", "modified": "2020-09-30T16:28:14.081Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXRpbGl6YXRpb25EZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGExCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--baf1d204-dd0f-4870-a89b-c6d487019a59", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.101Z", "modified": "2020-09-30T16:28:14.101Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vZGV2CVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--e0f5e6cf-7aec-4136-a19a-402ac04de191", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.121Z", "modified": "2020-09-30T16:28:14.121Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--bcc9f00a-6b24-41ef-93af-870f050df7bf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.141Z", "modified": "2020-09-30T16:28:14.141Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkUHJvY2VzcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1yZXBvcnRpbmdfZXhlY3V0b3IJQ29tcG9uZW50TmFtZT1udWxsCWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xODg1OTIxMjgK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--6f0f5d03-7c4b-486c-a90b-dfd07a27c3f1", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.161Z", "modified": "2020-09-30T16:28:14.161Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vcnVuL3VzZXIvMAlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--7b1ff2ad-3e06-47a8-895b-43c2e213c005", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.183Z", "modified": "2020-09-30T16:28:14.183Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vZGV2L3NobQlWYWx1ZT0wLjAxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--ea0ee59f-ea52-4715-8db0-46ebc09408a9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.203Z", "modified": "2020-09-30T16:28:14.203Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vc3lzL2ZzL2Nncm91cAlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--5c49681b-4d74-435c-9c5b-88d4c376470d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.223Z", "modified": "2020-09-30T16:28:14.223Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vYm9vdAlWYWx1ZT0wLjE3Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--a56130f3-3866-42a3-aea2-350924bd0d88", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.248Z", "modified": "2020-09-30T16:28:14.248Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vcnVuCVZhbHVlPTAuMTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--15606dcd-afbe-4b6f-9874-9ea3e771921d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.269Z", "modified": "2020-09-30T16:28:14.269Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Jb1dhaXQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--d3ec2677-2d7d-435a-87e3-57f22e098132", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.289Z", "modified": "2020-09-30T16:28:14.289Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkQXZnMTUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NS45Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--0c1fb0c9-51f6-4a60-bf53-f7e44bf142f9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.310Z", "modified": "2020-09-30T16:28:14.310Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1QaHlzaWNhbE1lbW9yeUZyZWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NDk4NzAwLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--e2f991ee-8ffa-4c4a-8b52-26a0ab307bed", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.331Z", "modified": "2020-09-30T16:28:14.331Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L2RldglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--f302f1a2-de36-4504-8abd-1e232a7d91bf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.352Z", "modified": "2020-09-30T16:28:14.352Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrVXNhZ2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD0vCVZhbHVlPTAuMzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--c4b67b4e-17b8-4448-b2f2-d0d865779c67", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.373Z", "modified": "2020-09-30T16:28:14.373Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L3J1bglWYWx1ZT04NTY3NjQ0MTYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--ab4ed00c-8b53-40ab-b2b1-93cb27e6a20d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.393Z", "modified": "2020-09-30T16:28:14.393Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L2Jvb3QJVmFsdWU9MTc4MTA2MzY4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--d9e07ce8-862d-4472-836e-16defc302ed7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.413Z", "modified": "2020-09-30T16:28:14.413Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9LwlWYWx1ZT05MDY1NjI2NDE5Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--597e1afd-c95c-487f-ab5b-e78770f35fd4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.434Z", "modified": "2020-09-30T16:28:14.434Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L3N5cy9mcy9jZ3JvdXAJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--e7e76576-16b6-44c0-99ba-7aff6792cee3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.457Z", "modified": "2020-09-30T16:28:14.457Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L2Rldi9zaG0JVmFsdWU9MjA0ODAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--d85290ae-74fd-497a-b103-23340f383d3e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.478Z", "modified": "2020-09-30T16:28:14.478Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1NZW1vcnlVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTcyLjA5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--e58f1dcf-1370-463a-a6be-c0cadb698520", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.498Z", "modified": "2020-09-30T16:28:14.498Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkQXZnMQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xLjY4Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--066efaa6-3e1c-460b-976c-8e99e6ab730b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.520Z", "modified": "2020-09-30T16:28:14.520Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1IZWFwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNDY5MjYxNTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--a7e9e8ed-1576-4359-8e71-b56768c7894d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.539Z", "modified": "2020-09-30T16:28:14.539Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkQXZnNQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT02LjEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--5b938306-100f-4b16-8a45-cec8847c228a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.559Z", "modified": "2020-09-30T16:28:14.559Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvbkVuZFRpbWVDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTE2MDE0ODMxNTUwMzEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--44388e55-d2e6-4394-bf2d-2b4949d9d9b8", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.578Z", "modified": "2020-09-30T16:28:14.578Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5TWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--8bd0c118-c26d-4b30-ac7a-9aa62276b9d6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.598Z", "modified": "2020-09-30T16:28:14.598Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTYwMTQ4MzE1NTAyNwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--8494a1fb-f631-44ae-af6b-c6ce57fbad98", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.617Z", "modified": "2020-09-30T16:28:14.617Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EYWVtb25UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT05OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--2fd31883-0eb6-4b28-858b-9a47280f220b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.639Z", "modified": "2020-09-30T16:28:14.639Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDA2OTQzMzc5NTY2Mjg3OTg0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--9cbc516f-4a59-46ab-adb0-e33708e1693d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.659Z", "modified": "2020-09-30T16:28:14.659Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrVHJhbnNtaXR0ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWxvCVZhbHVlPTQ1My4yMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--8ceea571-1817-41ff-93a1-6aed86682a13", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.678Z", "modified": "2020-09-30T16:28:14.678Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OaWNlQ3B1CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--195c7f59-173a-4aad-a998-304da85a510b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.698Z", "modified": "2020-09-30T16:28:14.698Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrVHJhbnNtaXR0ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWV0aDEJVmFsdWU9MC40Mgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--7ccbfac3-0c9b-4ac2-ae4e-455b50c1c086", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.718Z", "modified": "2020-09-30T16:28:14.718Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrVHJhbnNtaXR0ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWV0aDAJVmFsdWU9MC4wOAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--b2f72107-7a7d-4cf6-b8d6-8bb128941829", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.739Z", "modified": "2020-09-30T16:28:14.739Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9L3J1bi91c2VyLzAJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--4acc95be-1d8e-4183-b603-33347bdd9d81", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.759Z", "modified": "2020-09-30T16:28:14.759Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUnBzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--a624313f-5fa5-4f9b-a7b1-d87d8bfe3e1b", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.779Z", "modified": "2020-09-30T16:28:14.779Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUnBzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMQlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--510d73d7-585e-43f6-82f8-2c83b11983eb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.798Z", "modified": "2020-09-30T16:28:14.798Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbFN0YXJ0ZWRUaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT05ODAzMTk2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--709d37a4-efeb-49ab-aec4-841caf2621f7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.818Z", "modified": "2020-09-30T16:28:14.818Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VbmxvYWRlZENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjI0Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--aa7a31e2-9291-4bd8-9aa9-7f8bc957a406", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.840Z", "modified": "2020-09-30T16:28:14.840Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUnBzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--7615177c-2fde-457d-9606-7f7bbf2b14d7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.860Z", "modified": "2020-09-30T16:28:14.860Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc0NvcmVDUFUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--7755d0e6-312f-425e-8698-4d81378c4c56", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.881Z", "modified": "2020-09-30T16:28:14.881Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9kZXYJVmFsdWU9ODMxNjA1OTY0OAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--3a2d2c7f-d7db-4f86-95ca-2edafb47767e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.902Z", "modified": "2020-09-30T16:28:14.902Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9ydW4vdXNlci8wCVZhbHVlPTE2NjU2MTc5MjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--0cdf6c62-8e69-474c-be0f-f36c17c1dc60", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.921Z", "modified": "2020-09-30T16:28:14.921Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9zeXMvZnMvY2dyb3VwCVZhbHVlPTgzMjgwNzczMTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--ec5ee114-0741-461a-8c4d-2c82a2c45eed", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.941Z", "modified": "2020-09-30T16:28:14.941Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9ib290CVZhbHVlPTEwNjMyNTYwNjQK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--f9c2bb8e-11ca-47da-8729-e76c57e695fc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.961Z", "modified": "2020-09-30T16:28:14.961Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9ydW4JVmFsdWU9ODMyODA3NzMxMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--28e019b3-ad09-4d04-bee7-90b906de705a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:14.982Z", "modified": "2020-09-30T16:28:14.982Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS8JVmFsdWU9MjU4NjQ1NDI2MTc2Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--1625937b-bdf8-42f9-b881-83e443aedfcb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.001Z", "modified": "2020-09-30T16:28:15.001Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUXVldWVTaXplCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--42b8d62e-4094-48a7-811e-c1a553853947", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.021Z", "modified": "2020-09-30T16:28:15.021Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUXVldWVTaXplCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhCVZhbHVlPTAuMDEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--50a0790b-1404-4245-ab09-72f985f26b5a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.043Z", "modified": "2020-09-30T16:28:15.043Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VUb3RhbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PS9kZXYvc2htCVZhbHVlPTgzMjgwNzczMTIK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--f1153c6d-4652-4c50-9bad-264739dbcbbe", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.062Z", "modified": "2020-09-30T16:28:15.062Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUXVldWVTaXplCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMQlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--226841da-a926-4e39-8370-860bf99aa5fe", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.081Z", "modified": "2020-09-30T16:28:15.081Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UY3BDbG9zZVdhaXRDb25uZWN0aW9ucwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PW5ldHN0YXQJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--2457c10c-ec4f-474d-ba96-37bb29be0690", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.101Z", "modified": "2020-09-30T16:28:15.101Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1QaHlzaWNhbE1lbW9yeVVzZWQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MS41NzY3MDc2RTcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--a4ff53a7-7b37-49af-af8a-3b0e07c2cb56", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.121Z", "modified": "2020-09-30T16:28:15.121Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db3VudERpcmVjdAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yOQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--d7e16ea9-147c-4009-aef9-789a82ff0e05", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.141Z", "modified": "2020-09-30T16:28:15.141Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1F2bVdyaXRlSU8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--5ace59c3-1f52-4d66-8f09-1514975a42f9", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.160Z", "modified": "2020-09-30T16:28:15.160Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXNDcHUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NC4xOAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--592dd420-2495-4547-adbe-3d9a467f7146", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.180Z", "modified": "2020-09-30T16:28:15.180Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1LZXJuZWxPT01Db3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--51f9eae4-b4db-44a5-b30f-967ba4ccb45a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.200Z", "modified": "2020-09-30T16:28:15.200Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3JpdGVzRGV2aWNlCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--6d7715cb-be2d-40e6-8ecf-2ed142ee2e48", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.222Z", "modified": "2020-09-30T16:28:15.222Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1CdWZmZXJlZE1lbW9yeQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT04MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--6b556daa-850c-4d98-9955-3b28d414e727", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.243Z", "modified": "2020-09-30T16:28:15.243Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3JpdGVzRGV2aWNlCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhCVZhbHVlPTEzNS40Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--591efe48-b9b9-4d3f-9201-a3782c3478f0", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.263Z", "modified": "2020-09-30T16:28:15.263Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3JpdGVzRGV2aWNlCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMQlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--19f97385-8637-4af2-b8f0-4fff15006cbf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.283Z", "modified": "2020-09-30T16:28:15.283Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1FyYWRhcldyaXRlSU8JRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--9e8b88b1-4b00-4ee8-9c2f-94385f1840c5", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.302Z", "modified": "2020-09-30T16:28:15.302Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--8b54db98-1d9a-4ed2-8afa-9962286e6fc3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.322Z", "modified": "2020-09-30T16:28:15.322Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1QZWFrVGhyZWFkQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MjQwCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--fdd13d96-1ae9-46a4-ae49-fb40bdadf5e2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.341Z", "modified": "2020-09-30T16:28:15.341Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1F2bVJlYWRJTwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--9f2e0c91-cf41-4551-b827-3092f4da7c25", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.362Z", "modified": "2020-09-30T16:28:15.362Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1Td2FwTWVtb3J5VXNlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT00MTk4OTA4LjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--cb3f6fbd-2d41-400f-a037-43cc4f354dee", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.382Z", "modified": "2020-09-30T16:28:15.382Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1VZHBDb25uZWN0aW9ucwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PW5ldHN0YXQJVmFsdWU9NTUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--e2199341-1dd8-414f-875a-fc695d4dc9be", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.405Z", "modified": "2020-09-30T16:28:15.405Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Vc2VyQ3B1CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTcuOTUK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--1b98b36c-f19b-46f7-a6eb-a3c71bbe72b7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.425Z", "modified": "2020-09-30T16:28:15.425Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uQ291bnRDb3B5CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--13ea257d-eadd-423a-9586-2bbf699c8c76", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.447Z", "modified": "2020-09-30T16:28:15.447Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrQVRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEJVmFsdWU9MS44OQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--e0b91fc5-3801-4aa6-9fcb-b7dc16fbd240", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.468Z", "modified": "2020-09-30T16:28:15.468Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1FyYWRhckNQVQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--78a90131-c4b5-4122-b2a5-f03c65b22688", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.487Z", "modified": "2020-09-30T16:28:15.487Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrQVRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEyCVZhbHVlPTIuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--a8f8a365-5516-4e2a-9a8e-a7fca4ed0bed", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.507Z", "modified": "2020-09-30T16:28:15.507Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrQVRpbWUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGExCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--b67679cc-57ee-47a2-886b-d140eb74fe7a", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.528Z", "modified": "2020-09-30T16:28:15.528Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1F2bUNQVQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--2821e511-6ec9-45a8-ace6-57ec8b32a7d4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.548Z", "modified": "2020-09-30T16:28:15.548Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2FnZU1vdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dG1wZnMJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--c4952054-6fc1-4582-81d1-a9786ef169c3", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.568Z", "modified": "2020-09-30T16:28:15.568Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1SdW5RdWV1ZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--fcc460f6-7725-4bfe-ad6d-de9caf8e062f", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.587Z", "modified": "2020-09-30T16:28:15.587Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkRGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEzMzk0MTU1Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--14ca0ff4-29b7-4ace-88e6-d615eb098b70", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.610Z", "modified": "2020-09-30T16:28:15.610Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1DYWNoZWRNZW1vcnlVc2VkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTQwNDA5MjguMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--2236d999-d738-4135-83f4-e051d4af6b07", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.629Z", "modified": "2020-09-30T16:28:15.629Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2FnZU1vdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9eGZzCVZhbHVlPTAuMzYK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--89fd1440-89a3-4317-aacd-5b013c43a577", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.647Z", "modified": "2020-09-30T16:28:15.648Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrU3BhY2VVc2FnZU1vdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9ZGV2dG1wZnMJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--11993b15-2be1-4b1f-a863-5b298d0cd7b7", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.668Z", "modified": "2020-09-30T16:28:15.668Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qcm9jZXNzQ1BVVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0yNzA4MTYwMDAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--c7c3864a-d645-4c53-b46b-9df3e9dfcca4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.688Z", "modified": "2020-09-30T16:28:15.688Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENvbXBhY3RzQ29weQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--7386eb65-a3d8-4d8f-869a-1dddbad9a005", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.707Z", "modified": "2020-09-30T16:28:15.707Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OdW1DcHUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9OC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--b7d761a4-b9e7-48f6-82c8-1024f42053dc", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.727Z", "modified": "2020-09-30T16:28:15.727Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVhZHNEZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEJVmFsdWU9MC4wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--aac5a573-070a-4bbb-81fc-889deafe9eca", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.747Z", "modified": "2020-09-30T16:28:15.747Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc1FyYWRhclJlYWRJTwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--29e811a4-a436-40d6-af89-73a5b7a4448c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.768Z", "modified": "2020-09-30T16:28:15.768Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVhZHNEZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEyCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--6934f728-3ac3-4465-b14c-316f07e99ec4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.789Z", "modified": "2020-09-30T16:28:15.789Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVhZHNEZXZpY2UJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGExCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--93584ae6-6066-46dd-a563-0b4e03700d00", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.854Z", "modified": "2020-09-30T16:28:15.854Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVxdWVzdFNpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEyCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--87dcb086-0f3e-4595-bde3-a61d7b45f01e", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.875Z", "modified": "2020-09-30T16:28:15.875Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UQ1BFc3RhYmxpc2hlZAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PW5ldHN0YXQJVmFsdWU9NjIxCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--435ba5c8-ccde-4dcd-acdc-f8fbf18d703c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.897Z", "modified": "2020-09-30T16:28:15.897Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVxdWVzdFNpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGEJVmFsdWU9MTguMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--fd9ef245-7452-4762-a4cb-e7dd22715fa4", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.919Z", "modified": "2020-09-30T16:28:15.919Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrUmVxdWVzdFNpemUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJRWxlbWVudD12ZGExCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--e6fdd341-045e-4869-9bca-3004069964bf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.941Z", "modified": "2020-09-30T16:28:15.941Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0wCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--f2d128e3-0092-4ac2-8333-29b1d472c3ea", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.963Z", "modified": "2020-09-30T16:28:15.963Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MaXN0ZW5Db25uZWN0aW9ucwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PW5ldHN0YXQJVmFsdWU9NTkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--5dfe9ae6-d763-4a1c-8efd-17d4104b4caa", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:15.982Z", "modified": "2020-09-30T16:28:15.982Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3BzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhCVZhbHVlPTcuNAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--78c240d2-c7f2-4d2d-a89b-73e5406d2990", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:16.003Z", "modified": "2020-09-30T16:28:16.003Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENhcGFjaXR5RGlyZWN0CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEzMzk0MTU1Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--edbb5cfa-1696-46d4-8cca-fe4539945aee", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:16.024Z", "modified": "2020-09-30T16:28:16.024Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3BzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMglWYWx1ZT03LjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--81448357-64ab-4201-baf6-2b9b49a294db", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:16.044Z", "modified": "2020-09-30T16:28:16.044Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1Td2FwVXRpbAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xMi40Nwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--458d01c3-395a-42e6-8b9d-91e3ea7cd082", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:16.064Z", "modified": "2020-09-30T16:28:16.064Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Db2xsZWN0aW9uVGltZUNvcHkJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NQo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--32f6b50a-222c-43ad-8db6-9a3200f4daee", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:16.083Z", "modified": "2020-09-30T16:28:16.083Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1TeXN0ZW1DUFUJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9NC4xOAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--f8f7a3ab-f68c-4fc3-a5d2-1cdb9dffa69c", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:16.104Z", "modified": "2020-09-30T16:28:16.104Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1EaXNrV3BzCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9dmRhMQlWYWx1ZT0wLjAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--77f6cb48-3df9-4a0b-89ef-88b66e64dfef", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:16.124Z", "modified": "2020-09-30T16:28:16.124Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UY3BUaW1lV2FpdENvbm5lY3Rpb25zCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCUVsZW1lbnQ9bmV0c3RhdAlWYWx1ZT0xMzEK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--c1cfbb56-b926-485d-bd17-7305f6f9d3cb", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:16.143Z", "modified": "2020-09-30T16:28:16.143Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Ub3RhbENsYXNzQ291bnQJRGVwbG95bWVudElEPWNjODA5ZDZjLWU1ZDctMTFlOS04MmE5LTAwMDAwYTFmMGUxOQlIb3N0TmFtZT1iZW50ZXN0CUNvbXBvbmVudFR5cGU9aG9zdGNvbnRleHQJQ29tcG9uZW50TmFtZT1ob3N0Y29udGV4dAlkZXZUaW1lPTIwMjAvMDkvMzAgMDk6MjY6MDUgLTA3MDAJZGV2VGltZUZvcm1hdD15eXl5L01NL2RkIEhIOm1tOnNzIFoJVmFsdWU9MTEwNDMK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--9f090db9-422a-4cb8-ac2e-65e8175bc3ff", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:16.162Z", "modified": "2020-09-30T16:28:16.162Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Qb3N0Z3Jlc0NvcmVXcml0ZUlPCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAuMAo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--b719a9e6-c5ce-4576-883d-a155978aab67", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:16.181Z", "modified": "2020-09-30T16:28:16.181Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrUmVjZWl2ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWV0aDEJVmFsdWU9NS4yMgo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--75124363-8e21-4acd-8b9f-589bc6ca6ba6", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:16.201Z", "modified": "2020-09-30T16:28:16.201Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1UaHJlYWRDb3VudAlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xOTcK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--7dc62ed0-2fc1-416c-b96f-07a385e67510", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:16.222Z", "modified": "2020-09-30T16:28:16.222Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1Mb2FkZWRDbGFzc0NvdW50CURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTEwODE5Cg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--74fc27c1-2f40-4c4d-bacb-28170223e4bf", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:16.242Z", "modified": "2020-09-30T16:28:16.242Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1NZW1vcnlVc2VkTWFwcGVkCURlcGxveW1lbnRJRD1jYzgwOWQ2Yy1lNWQ3LTExZTktODJhOS0wMDAwMGExZjBlMTkJSG9zdE5hbWU9YmVudGVzdAlDb21wb25lbnRUeXBlPWhvc3Rjb250ZXh0CUNvbXBvbmVudE5hbWU9aG9zdGNvbnRleHQJZGV2VGltZT0yMDIwLzA5LzMwIDA5OjI2OjA1IC0wNzAwCWRldlRpbWVGb3JtYXQ9eXl5eS9NTS9kZCBISDptbTpzcyBaCVZhbHVlPTAK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--d2eef347-8431-4775-bf5e-b91e1d6404c2", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:16.262Z", "modified": "2020-09-30T16:28:16.262Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrUmVjZWl2ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWV0aDAJVmFsdWU9MTIuNTkK" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--3ffef5fa-959c-4601-b617-39784a1e289d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:16.283Z", "modified": "2020-09-30T16:28:16.283Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1MYXN0Q29sbGVjdGlvblN0YXJ0VGltZQlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglWYWx1ZT0xNjAxNDgxMDUxMzgyCg==" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 }, { "id": "observed-data--e1fd14eb-7e34-4b84-9dbc-c498e5fa892d", "type": "observed-data", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2020-09-30T16:28:16.303Z", "modified": "2020-09-30T16:28:16.303Z", "objects": { "0": { "type": "ipv4-addr", "value": "9.28.234.169", "resolves_to_refs": [ "2" ] }, "1": { "type": "network-traffic", "src_ref": "0", "src_port": 0, "dst_ref": "3", "dst_port": 0, "protocols": [ "reserved" ] }, "2": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "3": { "type": "ipv4-addr", "value": "127.0.0.1", "resolves_to_refs": [ "4" ] }, "4": { "type": "mac-addr", "value": "00:00:00:00:00:00" }, "5": { "type": "artifact", "payload_bin": "U2VwIDMwIDA5OjI2OjA1IDEyNy4wLjAuMSAgW1RocmVhZC01Nl0gY29tLnExbGFicy5ob3N0Y29udGV4dC5oZWFsdGguQWdlbnQ6IFtJTkZPXSBbTk9UOjAwMDAwMDYwMDBdWzkuMjguMjM0LjE2OS8tIC1dIFstLy0gLV1MRUVGOjEuMHxRUmFkYXJ8SGVhbHRoIEFnZW50fDcuMi40fFFSYWRhckhlYWx0aE1ldHJpY3xNZXRyaWNJRD1OZXR3b3JrUmVjZWl2ZWRCeXRlcwlEZXBsb3ltZW50SUQ9Y2M4MDlkNmMtZTVkNy0xMWU5LTgyYTktMDAwMDBhMWYwZTE5CUhvc3ROYW1lPWJlbnRlc3QJQ29tcG9uZW50VHlwZT1ob3N0Y29udGV4dAlDb21wb25lbnROYW1lPWhvc3Rjb250ZXh0CWRldlRpbWU9MjAyMC8wOS8zMCAwOToyNjowNSAtMDcwMAlkZXZUaW1lRm9ybWF0PXl5eXkvTU0vZGQgSEg6bW06c3MgWglFbGVtZW50PWxvCVZhbHVlPTQ1My4yMwo=" } }, "x_ibm_ariel": { "event_name": "Health Metric", "qid": 94000001, "category_name": "Information", "category_id": 8052, "high_level_category_name": "System", "high_level_category_id": 8000, "log_source_id": 69, "device_type": 368, "log_source_type_name": "Health Metrics", "log_source_name": "Health Metrics-2 :: bentest", "direction": "R2R", "identity_ip": "0.0.0.0", "magnitude": 3, "severity": 2, "credibility": 10, "relevance": 1, "geographic": "NorthAmerica.UnitedStates", "cre_event_list": [ "100090", "100205", "100211", "100356", "100555", "100249", "100246" ], "rule_names": [ "BB:NetworkDefinition: Honeypot like Addresses", "Destination Asset Weight is Low", "Source Asset Weight is Low", "offense", "ECBB:CategoryDefinition: Destination IP is a Third Country/Region", "BB:NetworkDefinition: Darknet Addresses", "Load Basic Building Blocks" ], "domain_id": 0, "domain_name": "Default Domain" }, "first_observed": "2020-09-30T16:26:05.776Z", "last_observed": "2020-09-30T16:26:05.776Z", "number_observed": 1 } ] }