[{"req_id":"187f96f1506d42c18dd2f388d32714fa","os":"general","region":"局域网","subfunc":"登录验证","src_ip":"10.106.23.87","user_name":"[email protected]","user_type":"主帐号","action":"add","event_src":"console","return_code":200,"datatype":"system_audit","id":"64534f503ac757083d7f9720","comid":"4f735647505558527031","event_type":"auth","event_name":"通用功能-账号认证-登录验证-用户登录","func":"账号认证","datasource":"qtalert.log","datatime":1683181392,"type":"monitor"},{"datatype":"system_audit","datasource":"qtalert.log","event_src":"console","os":"general","subfunc":"退出登录","user_type":"主帐号","datatime":1683181718,"action":"add","type":"monitor","event_type":"auth","return_code":200,"user_name":"[email protected]","id":"645350d8dc242630ee16ceb4","event_name":"通用功能-用户账号管理-退出登录-退出登录","region":"局域网","req_id":"7c137f8ab2054ad1b304e99452340210","comid":"646e34364f4347765156","func":"用户账号管理","src_ip":"10.106.23.88"},{"region":"局域网","action":"add","id":"64535180dc242630ee16cebf","os":"windows","src_ip":"10.106.23.87","comid":"4f735647505558527031","user_name":"[email protected]","return_code":200,"datatype":"system_audit","subfunc":"资产清点","req_id":"69111381ca65432c8beb43087d7bd3a8","user_type":"主帐号","event_src":"console","func":"Windows","datasource":"qtalert.log","datatime":1683181952,"type":"monitor","event_type":"execute","event_name":"Windows-资产清点-数据更新"},{"action":"add","comid":"4f735647505558527031","os":"windows","func":"资产清点","subfunc":"主机管理","req_id":"db5550d30450472e885e6898994b022b","datatype":"system_audit","datatime":1683182009,"event_name":"Windows-资产清点-主机管理-查看资产信息","return_code":200,"datasource":"qtalert.log","user_name":"[email 
protected]","user_type":"主帐号","type":"monitor","id":"645351b9dc242630ee16dd1c","event_type":"check","event_src":"console","src_ip":"10.106.23.87","region":"局域网"},{"datatype":"system_audit","type":"monitor","os":"general","src_ip":"10.106.23.88","user_type":"主帐号","region":"局域网","datasource":"qtalert.log","return_code":200,"datatime":1683182023,"action":"add","id":"645351c7dc242630ee16dd1f","event_type":"auth","event_src":"console","subfunc":"登录验证","comid":"646e34364f4347765156","event_name":"通用功能-账号认证-登录验证-用户登录","func":"账号认证","req_id":"ccd7eeb40dc849b5be00739dd9d3ef85","user_name":"[email protected]"},{"datatype":"system_audit","type":"monitor","subfunc":"主机管理","src_ip":"10.106.23.87","action":"add","comid":"4f735647505558527031","id":"645351d7dc242630ee16e611","event_name":"Windows-资产清点-主机管理-查看资产信息","event_src":"console","os":"windows","user_name":"[email protected]","return_code":200,"datasource":"qtalert.log","datatime":1683182039,"event_type":"check","func":"资产清点","region":"局域网","req_id":"784d5d0023a741f0b7d7aaa3f5844bf8","user_type":"主帐号"},{"comid":"646e34364f4347765156","event_type":"auth","event_name":"通用功能-账号认证-登录验证-用户登录","src_ip":"10.106.23.88","user_name":"[email protected]","datatype":"system_audit","id":"645351e1dc242630ee16e616","req_id":"84c3acdd8c834bd9b9ac4dd349d120ca","user_type":"主帐号","datatime":1683182049,"func":"账号认证","return_code":200,"datasource":"qtalert.log","action":"add","type":"monitor","event_src":"console","os":"general","subfunc":"登录验证","region":"局域网"},{"datatype":"system_audit","datatime":1683182069,"event_src":"console","subfunc":"主机管理","region":"局域网","action":"add","type":"monitor","os":"windows","src_ip":"10.106.23.87","req_id":"3b071ea3653e4689b29177be0b2850d1","datasource":"qtalert.log","comid":"4f735647505558527031","event_type":"check","event_name":"Windows-资产清点-主机管理-查看资产信息","user_name":"[email 
protected]","user_type":"主帐号","return_code":200,"id":"645351f5dc242630ee16e617","func":"资产清点"},{"action":"add","event_name":"Windows-资产清点-账户管理-查看账号信息","region":"局域网","datatime":1683182086,"event_src":"console","os":"windows","subfunc":"账户管理","return_code":200,"datasource":"qtalert.log","datatype":"system_audit","event_type":"check","user_type":"主帐号","type":"monitor","comid":"4f735647505558527031","id":"64535206dc242630ee16e618","func":"资产清点","src_ip":"10.106.23.87","req_id":"323730c34ab44c0fbcc434f7c7dfbb80","user_name":"[email protected]"},{"id":"64535207dc242630ee16e619","event_name":"Windows-资产清点-站点管理-查看Web站点信息","src_ip":"10.106.23.87","user_name":"[email protected]","action":"add","type":"monitor","os":"windows","subfunc":"站点管理","region":"局域网","datasource":"qtalert.log","datatype":"system_audit","datatime":1683182087,"comid":"4f735647505558527031","func":"资产清点","user_type":"主帐号","event_type":"check","event_src":"console","req_id":"fa10e71136e848cfa55f7e42b27c37d8","return_code":200},{"src_ip":"10.106.23.87","req_id":"2c7b0403308c44629064d35fe51f0fbe","return_code":200,"datatype":"system_audit","datatime":1683182143,"action":"add","id":"6453523fdc242630ee16e620","func":"资产清点","user_type":"主帐号","datasource":"qtalert.log","type":"monitor","event_type":"check","event_src":"console","os":"windows","subfunc":"Web管理","comid":"4f735647505558527031","event_name":"Windows-资产清点-Web管理-查看Java框架信息","region":"局域网","user_name":"[email protected]"},{"type":"monitor","func":"入侵检测","datasource":"qtalert.log","event_src":"console","region":"局域网","req_id":"eb2944a8d43145809ddc87c4dbe35a57","user_name":"[email 
protected]","datatime":1683182156,"action":"add","comid":"646e34364f4347765156","event_name":"Linux-入侵检测-异常登录-查看事件信息","user_type":"主帐号","return_code":200,"datatype":"system_audit","id":"6453524cdc242630ee16e621","event_type":"check","os":"linux","subfunc":"异常登录","src_ip":"10.106.23.88"},{"id":"64535255dc242630ee16efa6","region":"局域网","req_id":"77cfaeeb7af14fd8a61d11494c99fef9","return_code":200,"datatype":"system_audit","datatime":1683182165,"os":"windows","src_ip":"10.106.23.87","user_name":"[email protected]","type":"monitor","event_name":"Windows-资产清点-站点管理-查看IIS站点信息","user_type":"主帐号","comid":"4f735647505558527031","func":"资产清点","event_src":"console","subfunc":"站点管理","datasource":"qtalert.log","action":"add","event_type":"check"},{"datatime":1683182214,"type":"monitor","event_type":"check","os":"linux","datasource":"qtalert.log","action":"add","id":"64535286dc242630ee16f1b1","src_ip":"10.106.23.88","region":"局域网","return_code":200,"event_name":"Linux-资产清点-主机资产-查看主机资产信息","event_src":"console","func":"资产清点","subfunc":"主机资产","user_name":"[email protected]","user_type":"主帐号","datatype":"system_audit","comid":"646e34364f4347765156","req_id":"81cf2b6949e844b3b7847073b31e3ce2"},{"id":"6453528adc242630ee16f1b2","os":"linux","func":"Linux","user_type":"主帐号","return_code":200,"datatime":1683182218,"event_type":"auth","region":"局域网","user_name":"[email protected]","event_name":"Linux-合规基线-凭证管理密码验证","req_id":"5d5d5abe11bc4b6eaf5a66f6bdf62d6c","datatype":"system_audit","action":"add","type":"monitor","comid":"646e34364f4347765156","event_src":"console","subfunc":"合规基线","src_ip":"10.106.23.88","datasource":"qtalert.log"},{"datatime":1683182224,"id":"64535290dc242630ee16f1c2","event_src":"console","region":"局域网","req_id":"0bdfb3973f584eeeba11861d711d149e","datasource":"qtalert.log","type":"monitor","event_type":"check","user_name":"[email 
protected]","return_code":200,"action":"add","comid":"646e34364f4347765156","os":"linux","func":"资产清点","src_ip":"10.106.23.88","user_type":"主帐号","datatype":"system_audit","event_name":"Linux-资产清点-主机资产-查看主机资产信息","subfunc":"主机资产"},{"target_port":443,"datatype":"evil_connect","source_ip":"192.168.232.135","target_ip":"20.106.86.13","update_time":"2023-05-04 06:51:02","process_tree":"svchost.exe(1776)-\u0026gt;taskhostw.exe(796)","datasource":"qtalert.log","agent_ip":"192.168.232.135","internal_ip":"192.168.232.135","severity":2,"count":2,"source_port":54890,"process_name":"taskhostw.exe","proc_path":"C:\\Windows\\System32\\taskhostw.exe","create_time":"2023-05-04 06:51:01","agent_id":"6447946e55f89ff3","comid":"3948414b50687073324a","group":2,"event_type":"out_connect","event_level":"alert","group_name":"未分组主机","event_content":"[恶意外联]发现主机(192.168.232.135)存在向(20.106.86.13美国)的网络连接","url":"http://10.106.110.28/next/#/out-connect/alarm","protocol":"TCP","rule_name":"dfsdf","host_name":"DESKTOP-0FAOTBA","event_name":"恶意外联"},{"event_type":"out_connect","event_level":"alert","target_ip":"settings-win.data.microsoft.com","severity":2,"internal_ip":"192.168.232.135","group":2,"agent_id":"6447946e55f89ff3","event_content":"[恶意外联]发现主机(192.168.232.135)存在向(settings-win.data.microsoft.com)的网络连接","source_ip":"192.168.232.135","proc_path":"C:\\Windows\\System32\\taskhostw.exe","rule_name":"dfsdf","create_time":"2023-05-03 11:11:30","datatype":"evil_connect","agent_ip":"192.168.232.135","process_name":"taskhostw.exe","count":57,"datasource":"qtalert.log","host_name":"DESKTOP-0FAOTBA","group_name":"未分组主机","url":"http://10.106.110.28/next/#/out-connect/alarm","update_time":"2023-05-04 
14:38:24","process_tree":"svchost.exe(1776)-\u0026gt;taskhostw.exe(8028)","comid":"3948414b50687073324a","event_name":"恶意外联"},{"target_ip":"settings-win.data.microsoft.com","datasource":"qtalert.log","host_name":"DESKTOP-0FAOTBA","group":2,"agent_id":"6447946e55f89ff3","event_content":"[恶意外联]发现主机(192.168.232.135)存在向(settings-win.data.microsoft.com)的网络连接","process_name":"taskhostw.exe","internal_ip":"192.168.232.135","source_ip":"192.168.232.135","create_time":"2023-05-03 11:11:30","count":58,"event_name":"恶意外联","proc_path":"C:\\Windows\\System32\\taskhostw.exe","update_time":"2023-05-04 14:38:24","datatype":"evil_connect","agent_ip":"192.168.232.135","group_name":"未分组主机","comid":"3948414b50687073324a","event_level":"alert","process_tree":"svchost.exe(1776)-\u0026gt;taskhostw.exe(8028)","event_type":"out_connect","url":"http://10.106.110.28/next/#/out-connect/alarm","rule_name":"dfsdf","severity":2},{"datatype":"evil_connect","agent_ip":"192.168.232.135","comid":"3948414b50687073324a","rule_name":"dfsdf","datasource":"qtalert.log","group":2,"agent_id":"6447946e55f89ff3","event_level":"alert","proc_path":"C:\\Windows\\System32\\taskhostw.exe","create_time":"2023-05-03 11:11:30","update_time":"2023-05-04 
13:17:48","process_tree":"svchost.exe(1776)-\u0026gt;taskhostw.exe(4664)","internal_ip":"192.168.232.135","event_type":"out_connect","event_name":"恶意外联","event_content":"[恶意外联]发现主机(192.168.232.135)存在向(settings-win.data.microsoft.com)的网络连接","url":"http://10.106.110.28/next/#/out-connect/alarm","severity":2,"host_name":"DESKTOP-0FAOTBA","group_name":"未分组主机","source_ip":"192.168.232.135","process_name":"taskhostw.exe","target_ip":"settings-win.data.microsoft.com","count":56},{"datatype":"evil_connect","internal_ip":"192.168.232.135","group":2,"comid":"3948414b50687073324a","event_level":"alert","rule_name":"dfsdf","agent_ip":"192.168.232.135","event_content":"[恶意外联]发现主机(192.168.232.135)存在向(20.106.86.13美国)的网络连接","target_ip":"20.106.86.13","protocol":"TCP","url":"http://10.106.110.28/next/#/out-connect/alarm","source_port":54977,"proc_path":"C:\\Windows\\System32\\taskhostw.exe","severity":2,"host_name":"DESKTOP-0FAOTBA","process_name":"taskhostw.exe","target_port":443,"create_time":"2023-05-04 06:51:01","process_tree":"svchost.exe(1776)-\u0026gt;taskhostw.exe(8028)","update_time":"2023-05-04 14:38:23","count":3,"group_name":"未分组主机","event_type":"out_connect","proc_cmd":"taskhostw.exe","agent_id":"6447946e55f89ff3","event_name":"恶意外联","source_ip":"192.168.232.135","datasource":"qtalert.log"},{"agent_ip":"192.168.232.135","url":"http://10.106.110.28/next/#/out-connect/alarm","agent_id":"6447946e55f89ff3","rule_name":"dfsdf","datasource":"qtalert.log","event_level":"alert","datatype":"evil_connect","source_ip":"192.168.232.135","process_name":"taskhostw.exe","target_port":443,"process_tree":"svchost.exe(1776)-\u0026gt;taskhostw.exe(8028)","group_name":"未分组主机","source_port":54979,"comid":"3948414b50687073324a","target_ip":"20.106.86.13","create_time":"2023-05-04 06:51:01","internal_ip":"192.168.232.135","group":2,"event_type":"out_connect","event_content":"[恶意外联]发现主机(192.168.232.135)存在向(20.106.86.13美国)的网络连接","protocol":"TCP","update_time":"2023-05-04 
14:38:25","host_name":"DESKTOP-0FAOTBA","event_name":"恶意外联","proc_path":"C:\\Windows\\System32\\taskhostw.exe","severity":2,"count":4},{"datatype":"system_audit","datatime":1683182309,"action":"add","src_ip":"10.106.23.88","type":"monitor","comid":"646e34364f4347765156","id":"645352e5dc242630ee16f1d8","os":"linux","subfunc":"合规基线","region":"局域网","user_name":"[email protected]","user_type":"主帐号","return_code":200,"datasource":"qtalert.log","event_type":"auth","event_name":"Linux-合规基线-凭证管理密码验证","event_src":"console","func":"Linux","req_id":"ac6e4a22603447b9a0686661b998aa03"},{"update_time":"2023-05-04 14:09:56","agent_ip":"192.168.232.135","agent_id":"6447946e55f89ff3","event_type":"out_connect","event_level":"alert","event_content":"[恶意外联]发现主机(192.168.232.135)存在向(ctldl.windowsupdate.com)的网络连接","create_time":"2023-05-03 11:12:31","internal_ip":"192.168.232.135","group":2,"url":"http://10.106.110.28/next/#/out-connect/alarm","target_ip":"ctldl.windowsupdate.com","datasource":"qtalert.log","severity":2,"count":35,"datatype":"evil_connect","host_name":"DESKTOP-0FAOTBA","group_name":"未分组主机","comid":"3948414b50687073324a","source_ip":"192.168.232.135","process_name":"svchost.exe","process_tree":"svchost.exe(3024)","event_name":"恶意外联","proc_path":"C:\\Windows\\System32\\svchost.exe","proc_cmd":"C:\\Windows\\system32\\svchost.exe -k NetworkService -p -s CryptSvc","rule_name":"dfsdf"},{"group_name":"未分组主机","count":1,"event_content":"[恶意外联]发现主机(192.168.232.135)存在向(123.6.106.1中国,河南,郑州)的网络连接","datasource":"qtalert.log","group":2,"event_type":"out_connect","protocol":"TCP","proc_path":"C:\\Windows\\System32\\svchost.exe","datatype":"evil_connect","host_name":"DESKTOP-0FAOTBA","update_time":"2023-05-04 
14:39:23","process_tree":"svchost.exe(3024)","target_port":80,"rule_name":"dfsdf","event_name":"恶意外联","url":"http://10.106.110.28/next/#/out-connect/alarm","source_ip":"192.168.232.135","agent_ip":"192.168.232.135","comid":"3948414b50687073324a","process_name":"svchost.exe","create_time":"2023-05-04 14:39:23","internal_ip":"192.168.232.135","event_level":"alert","target_ip":"123.6.106.1","severity":2,"proc_cmd":"C:\\Windows\\system32\\svchost.exe -k NetworkService -p -s CryptSvc","agent_id":"6447946e55f89ff3","source_port":54980},{"datatype":"evil_connect","agent_ip":"192.168.232.40","event_content":"[恶意外联]发现主机(192.168.232.40)存在向(settings-win.data.microsoft.com)的网络连接","target_ip":"settings-win.data.microsoft.com","rule_name":"dfsdf","count":62,"group_name":"未分组主机","comid":"3948414b50687073324a","event_level":"alert","event_name":"恶意外联","create_time":"2023-05-03 10:22:35","host_name":"DESKTOP-DVUFH8V","internal_ip":"192.168.232.40","group":2,"event_type":"out_connect","source_ip":"192.168.232.40","proc_path":"C:\\Windows\\System32\\taskhostw.exe","severity":2,"process_tree":"svchost.exe(1908)-\u0026gt;taskhostw.exe(5028)","agent_id":"6447503c55f89fee","url":"http://10.106.110.28/next/#/out-connect/alarm","process_name":"taskhostw.exe","update_time":"2023-05-04 13:35:17","datasource":"qtalert.log"},{"id":"64535338dc242630ee16f1ef","event_type":"check","event_name":"Linux-资产清点-主机资产-查看主机资产信息","src_ip":"10.106.23.77","region":"局域网","datatime":1683182392,"comid":"646e34364f4347765156","event_src":"console","os":"linux","func":"资产清点","subfunc":"主机资产","action":"add","return_code":200,"datasource":"qtalert.log","user_name":"[email 
protected]","type":"monitor","req_id":"ffb1cbc1db6847feaff911ef68806a0f","user_type":"主帐号","datatype":"system_audit"},{"event_src":"console","os":"general","subfunc":"扫描任务","region":"局域网","datatype":"system_audit","action":"add","type":"monitor","event_type":"create","req_id":"d5a7010ac79046afbef279df46888fb8","datatime":1683182403,"id":"64535343dc242630ee16f1f7","func":"文件完整性","user_type":"主帐号","comid":"646e34364f4347765156","user_name":"[email protected]","return_code":200,"datasource":"qtalert.log","event_name":"通用功能-文件完整性-扫描任务-创建任务","src_ip":"10.106.23.77"},{"pname":"sshd","uname":"root","login_type":"password","logout_reason":-1,"datatype":"access_log","location":"局域网","type":"monitor","group":70,"agent_id":"645331065b394485","os":"linux","log_type":1,"datasource":"qtalert.log","agent_ip":"10.106.113.116","action":"add","internal_ip":"10.106.113.116","src_ip":"10.106.23.88","pid":4456,"datatime":1683182415,"host_name":"localhost.localdomain","comid":"646e34364f4347765156","port":22,"login_con_port":59750,"login_err_reason":-1,"group_name":"信创os兼容","severity":0},{"src_ip":"10.106.23.88","uname":"root","login_type":"password","datasource":"qtalert.log","type":"monitor","agent_id":"645331065b394485","group":70,"log_type":1,"pname":"sshd","port":22,"internal_ip":"10.106.113.116","action":"add","host_name":"localhost.localdomain","severity":0,"comid":"646e34364f4347765156","pid":4551,"login_err_reason":-1,"logout_reason":-1,"datatime":1683182422,"agent_ip":"10.106.113.116","os":"linux","location":"局域网","login_con_port":59770,"datatype":"access_log","group_name":"信创os兼容"},{"return_code":200,"datasource":"qtalert.log","id":"6453536fdc242630ee16f1f8","event_type":"auth","comid":"646e34364f4347765156","func":"Linux","src_ip":"10.106.23.88","action":"add","type":"monitor","event_src":"console","os":"linux","region":"局域网","user_name":"[email 
protected]","user_type":"主帐号","datatype":"system_audit","datatime":1683182447,"req_id":"c4af072aff40400db8978d2a7ace263d","event_name":"Linux-合规基线-凭证管理密码验证","subfunc":"合规基线"},{"datatype":"system_audit","id":"64535404dc242630ee16f209","user_type":"主帐号","comid":"4f735647505558527031","event_src":"console","user_name":"[email protected]","req_id":"4b94b5c8adeb4e3db278d4d7c9cc3bec","return_code":200,"datasource":"qtalert.log","action":"add","type":"monitor","event_name":"通用功能-服务工具-Agent管理-查看Agent信息","os":"general","src_ip":"10.106.23.87","datatime":1683182596,"event_type":"check","func":"服务工具","subfunc":"Agent管理","region":"局域网"},{"action":"add","region":"局域网","user_name":"[email protected]","event_name":"通用功能-服务工具-Agent管理-查看Agent信息","os":"general","src_ip":"10.106.23.87","req_id":"579435512ff2443c82e8ef6e25ac9d6b","datasource":"qtalert.log","datatime":1683182597,"type":"monitor","comid":"4f735647505558527031","event_src":"console","user_type":"主帐号","func":"服务工具","subfunc":"Agent管理","return_code":200,"datatype":"system_audit","id":"64535405dc242630ee16f20a","event_type":"check"},{"src_ip":"10.106.23.87","uname":"Administrator","logout_reason":-1,"login_con_port":-1,"datasource":"qtalert.log","datatime":1683182628,"internal_ip":"172.16.23.245","action":"add","agent_id":"64531ce25b394483","log_type":1,"port":3389,"datatype":"access_log","host_name":"WIN-F8QAIC06VOK","comid":"4f735647505558527031","os":"windows","location":"局域网","pname":"rdp","agent_ip":"172.16.23.245","group_name":"未分组主机","severity":0,"type":"monitor","group":2},{"event_name":"通用功能-文件完整性-扫描任务-重新生成基准","event_src":"console","func":"文件完整性","src_ip":"10.106.23.77","datatime":1683182677,"action":"add","type":"monitor","id":"64535455dc242630ee16f210","req_id":"6e836c231cc74b11870bbb0d9c4ac0c5","user_name":"[email 
protected]","user_type":"主帐号","datatype":"system_audit","comid":"646e34364f4347765156","subfunc":"扫描任务","return_code":200,"event_type":"execute","os":"general","region":"局域网","datasource":"qtalert.log"},{"type":"monitor","agent_id":"645331065b394485","group_name":"信创os兼容","pname":"sshd","pid":4551,"login_err_reason":-1,"logout_reason":0,"datatime":1683182765,"comid":"646e34364f4347765156","log_type":2,"src_ip":"10.106.23.88","location":"局域网","group":70,"os":"linux","datatype":"access_log","agent_ip":"10.106.113.116","host_name":"localhost.localdomain","internal_ip":"10.106.113.116","severity":0,"action":"add","uname":"root","port":22,"login_con_port":-1,"datasource":"qtalert.log"},{"src_ip":"10.106.23.88","location":"局域网","uname":"root","group_name":"信创os兼容","action":"add","os":"linux","host_name":"localhost.localdomain","login_err_reason":-1,"agent_id":"645331065b394485","comid":"646e34364f4347765156","login_con_port":-1,"internal_ip":"10.106.113.116","severity":0,"type":"monitor","group":70,"log_type":2,"pname":"sshd","pid":4456,"port":22,"datatype":"access_log","datatime":1683182775,"agent_ip":"10.106.113.116","logout_reason":0,"datasource":"qtalert.log"},{"event_type":"out_connect","event_level":"alert","severity":2,"proc_cmd":"C:\\WINDOWS\\System32\\svchost.exe -k utcsvc -p","create_time":"2023-05-04 08:16:20","update_time":"2023-05-04 
08:16:20","count":1,"internal_ip":"192.168.232.40","group":2,"protocol":"TCP","process_tree":"svchost.exe(3212)","datatype":"evil_connect","agent_ip":"192.168.232.40","agent_id":"6447503c55f89fee","datasource":"qtalert.log","source_ip":"192.168.232.40","proc_path":"C:\\Windows\\System32\\svchost.exe","rule_name":"dfsdf","event_name":"恶意外联","group_name":"未分组主机","target_port":443,"comid":"3948414b50687073324a","url":"http://10.106.110.28/next/#/out-connect/alarm","process_name":"svchost.exe","target_ip":"104.208.16.90","host_name":"DESKTOP-DVUFH8V","event_content":"[恶意外联]发现主机(192.168.232.40)存在向(104.208.16.90美国)的网络连接","source_port":62609},{"agent_id":"6447503c55f89fee","event_type":"out_connect","target_ip":"v10.events.data.microsoft.com","process_tree":"svchost.exe(3212)","agent_ip":"192.168.232.40","internal_ip":"192.168.232.40","group":2,"source_ip":"192.168.232.40","process_name":"svchost.exe","proc_cmd":"C:\\WINDOWS\\System32\\svchost.exe -k utcsvc -p","severity":2,"datasource":"qtalert.log","datatype":"evil_connect","event_level":"alert","event_name":"恶意外联","url":"http://10.106.110.28/next/#/out-connect/alarm","proc_path":"C:\\Windows\\System32\\svchost.exe","rule_name":"dfsdf","update_time":"2023-05-04 14:16:21","count":81,"host_name":"DESKTOP-DVUFH8V","group_name":"未分组主机","comid":"3948414b50687073324a","event_content":"[恶意外联]发现主机(192.168.232.40)存在向(v10.events.data.microsoft.com)的网络连接","create_time":"2023-05-03 10:46:20"},{"source_ip":"192.168.232.40","process_name":"svchost.exe","proc_path":"C:\\Windows\\System32\\svchost.exe","datatype":"evil_connect","agent_ip":"192.168.232.40","group_name":"未分组主机","event_level":"alert","event_name":"恶意外联","severity":2,"host_name":"DESKTOP-DVUFH8V","internal_ip":"192.168.232.40","proc_cmd":"C:\\WINDOWS\\System32\\svchost.exe -k NetworkService -p -s DoSvc","update_time":"2023-05-04 
14:19:33","count":23,"datasource":"qtalert.log","group":2,"agent_id":"6447503c55f89fee","event_content":"[恶意外联]发现主机(192.168.232.40)存在向(array801.prod.do.dsp.mp.microsoft.com)的网络连接","rule_name":"dfsdf","process_tree":"svchost.exe(4488)","comid":"3948414b50687073324a","event_type":"out_connect","url":"http://10.106.110.28/next/#/out-connect/alarm","target_ip":"array801.prod.do.dsp.mp.microsoft.com","create_time":"2023-05-04 04:54:09"},{"agent_ip":"192.168.232.40","event_name":"恶意外联","severity":2,"create_time":"2023-05-04 04:54:10","process_tree":"svchost.exe(4488)","datatype":"evil_connect","agent_id":"6447503c55f89fee","event_type":"out_connect","process_name":"svchost.exe","target_ip":"40.91.80.89","proc_path":"C:\\Windows\\System32\\svchost.exe","proc_cmd":"C:\\WINDOWS\\System32\\svchost.exe -k NetworkService -p -s DoSvc","rule_name":"dfsdf","update_time":"2023-05-04 14:19:33","event_content":"[恶意外联]发现主机(192.168.232.40)存在向(40.91.80.89美国)的网络连接","host_name":"DESKTOP-DVUFH8V","source_port":62695,"datasource":"qtalert.log","target_port":443,"source_ip":"192.168.232.40","internal_ip":"192.168.232.40","group_name":"未分组主机","event_level":"alert","url":"http://10.106.110.28/next/#/out-connect/alarm","group":2,"comid":"3948414b50687073324a","protocol":"TCP","count":23},{"internal_ip":"192.168.232.40","rule_name":"dfsdf","severity":2,"update_time":"2023-05-04 14:47:21","agent_ip":"192.168.232.40","host_name":"DESKTOP-DVUFH8V","url":"http://10.106.110.28/next/#/out-connect/alarm","target_ip":"122.189.81.111","proc_path":"C:\\Windows\\System32\\svchost.exe","proc_cmd":"C:\\WINDOWS\\system32\\svchost.exe -k NetworkService -p -s CryptSvc","create_time":"2023-05-04 
14:47:21","datasource":"qtalert.log","group_name":"未分组主机","event_type":"out_connect","process_name":"svchost.exe","datatype":"evil_connect","comid":"3948414b50687073324a","agent_id":"6447503c55f89fee","event_content":"[恶意外联]发现主机(192.168.232.40)存在向(122.189.81.111中国,湖北,荆州)的网络连接","process_tree":"svchost.exe(3204)","event_level":"alert","group":2,"target_port":80,"source_port":62705,"protocol":"TCP","count":1,"event_name":"恶意外联","source_ip":"192.168.232.40"},{"count":22,"datatype":"evil_connect","internal_ip":"192.168.232.40","group":2,"event_level":"alert","url":"http://10.106.110.28/next/#/out-connect/alarm","target_ip":"ctldl.windowsupdate.com","proc_path":"C:\\Windows\\System32\\svchost.exe","process_tree":"svchost.exe(3204)","comid":"3948414b50687073324a","event_type":"out_connect","event_name":"恶意外联","proc_cmd":"C:\\WINDOWS\\system32\\svchost.exe -k NetworkService -p -s CryptSvc","rule_name":"dfsdf","group_name":"未分组主机","agent_id":"6447503c55f89fee","event_content":"[恶意外联]发现主机(192.168.232.40)存在向(ctldl.windowsupdate.com)的网络连接","source_ip":"192.168.232.40","create_time":"2023-05-03 10:47:21","datasource":"qtalert.log","agent_ip":"192.168.232.40","host_name":"DESKTOP-DVUFH8V","process_name":"svchost.exe","severity":2,"update_time":"2023-05-04 13:47:21"},{"type":"monitor","event_name":"Windows-资产清点-Web管理-查看Web服务信息","subfunc":"Web管理","datatype":"system_audit","comid":"4f735647505558527031","event_src":"console","os":"windows","src_ip":"10.106.23.87","return_code":200,"datatime":1683182950,"id":"64535566dc242630ee16f23a","func":"资产清点","req_id":"56524843fd0a4f2e9bf0fc82df62120e","user_name":"[email protected]","action":"add","region":"局域网","user_type":"主帐号","datasource":"qtalert.log","event_type":"check"},{"comid":"4f735647505558527031","os":"windows","subfunc":"Web管理","user_name":"[email 
protected]","datasource":"qtalert.log","datatype":"system_audit","datatime":1683182957,"src_ip":"10.106.23.87","user_type":"主帐号","type":"monitor","id":"6453556ddc242630ee16f23b","event_src":"console","region":"局域网","return_code":200,"action":"add","event_type":"check","req_id":"e6538841dcb145bca5bed26a07c487a9","event_name":"Windows-资产清点-Web管理-查看Web服务信息","func":"资产清点"}]
[{"req_id":"187f96f1506d42c18dd2f388d32714fa","datasource":"qtalert.log","datatime":1683181392,"comid":"4f735647505558527031","event_type":"auth","event_src":"console","subfunc":"登录验证","datatype":"system_audit","event_name":"通用功能-账号认证-登录验证-用户登录","action":"add","id":"64534f503ac757083d7f9720","os":"general","user_name":"[email protected]","user_type":"主帐号","type":"monitor","func":"账号认证","src_ip":"10.106.23.87","region":"局域网","return_code":200},{"action":"add","type":"monitor","src_ip":"10.106.23.88","datatype":"system_audit","datatime":1683181718,"comid":"646e34364f4347765156","event_name":"通用功能-用户账号管理-退出登录-退出登录","func":"用户账号管理","datasource":"qtalert.log","id":"645350d8dc242630ee16ceb4","event_type":"auth","event_src":"console","os":"general","subfunc":"退出登录","region":"局域网","req_id":"7c137f8ab2054ad1b304e99452340210","user_name":"[email protected]","user_type":"主帐号","return_code":200},{"subfunc":"资产清点","user_name":"[email protected]","event_name":"Windows-资产清点-数据更新","comid":"4f735647505558527031","event_type":"execute","req_id":"69111381ca65432c8beb43087d7bd3a8","return_code":200,"datasource":"qtalert.log","datatime":1683181952,"action":"add","type":"monitor","id":"64535180dc242630ee16cebf","event_src":"console","os":"windows","func":"Windows","src_ip":"10.106.23.87","datatype":"system_audit","user_type":"主帐号","region":"局域网"},{"event_type":"check","subfunc":"主机管理","return_code":200,"datatime":1683182009,"event_src":"console","type":"monitor","id":"645351b9dc242630ee16dd1c","event_name":"Windows-资产清点-主机管理-查看资产信息","os":"windows","src_ip":"10.106.23.87","region":"局域网","datatype":"system_audit","action":"add","datasource":"qtalert.log","user_name":"[email protected]","user_type":"主帐号","req_id":"db5550d30450472e885e6898994b022b","comid":"4f735647505558527031","func":"资产清点"},{"event_name":"通用功能-账号认证-登录验证-用户登录","user_name":"[email 
protected]","return_code":200,"datasource":"qtalert.log","datatime":1683182023,"src_ip":"10.106.23.88","user_type":"主帐号","action":"add","type":"monitor","comid":"646e34364f4347765156","os":"general","func":"账号认证","subfunc":"登录验证","req_id":"ccd7eeb40dc849b5be00739dd9d3ef85","datatype":"system_audit","event_type":"auth","event_src":"console","region":"局域网","id":"645351c7dc242630ee16dd1f"},{"datatime":1683182039,"type":"monitor","event_type":"check","os":"windows","req_id":"784d5d0023a741f0b7d7aaa3f5844bf8","user_type":"主帐号","return_code":200,"datatype":"system_audit","id":"645351d7dc242630ee16e611","event_name":"Windows-资产清点-主机管理-查看资产信息","event_src":"console","func":"资产清点","src_ip":"10.106.23.87","user_name":"[email protected]","subfunc":"主机管理","action":"add","comid":"4f735647505558527031","region":"局域网","datasource":"qtalert.log"},{"func":"账号认证","subfunc":"登录验证","region":"局域网","user_type":"主帐号","return_code":200,"action":"add","comid":"646e34364f4347765156","os":"general","user_name":"[email protected]","datatype":"system_audit","datatime":1683182049,"event_src":"console","datasource":"qtalert.log","type":"monitor","id":"645351e1dc242630ee16e616","req_id":"84c3acdd8c834bd9b9ac4dd349d120ca","event_type":"auth","event_name":"通用功能-账号认证-登录验证-用户登录","src_ip":"10.106.23.88"},{"user_type":"主帐号","return_code":200,"datatime":1683182069,"type":"monitor","event_src":"console","func":"资产清点","region":"局域网","req_id":"3b071ea3653e4689b29177be0b2850d1","datasource":"qtalert.log","datatype":"system_audit","action":"add","event_type":"check","event_name":"Windows-资产清点-主机管理-查看资产信息","subfunc":"主机管理","user_name":"[email protected]","comid":"4f735647505558527031","id":"645351f5dc242630ee16e617","os":"windows","src_ip":"10.106.23.87"},{"func":"资产清点","src_ip":"10.106.23.87","user_name":"[email 
protected]","action":"add","type":"monitor","comid":"4f735647505558527031","event_name":"Windows-资产清点-账户管理-查看账号信息","os":"windows","datasource":"qtalert.log","datatime":1683182086,"event_type":"check","subfunc":"账户管理","req_id":"323730c34ab44c0fbcc434f7c7dfbb80","user_type":"主帐号","return_code":200,"id":"64535206dc242630ee16e618","event_src":"console","region":"局域网","datatype":"system_audit"},{"id":"64535207dc242630ee16e619","subfunc":"站点管理","user_type":"主帐号","datatime":1683182087,"event_type":"check","event_name":"Windows-资产清点-站点管理-查看Web站点信息","os":"windows","func":"资产清点","region":"局域网","req_id":"fa10e71136e848cfa55f7e42b27c37d8","datasource":"qtalert.log","src_ip":"10.106.23.87","user_name":"[email protected]","return_code":200,"datatype":"system_audit","action":"add","type":"monitor","comid":"4f735647505558527031","event_src":"console"},{"action":"add","comid":"4f735647505558527031","id":"6453523fdc242630ee16e620","event_name":"Windows-资产清点-Web管理-查看Java框架信息","func":"资产清点","region":"局域网","return_code":200,"datatype":"system_audit","datatime":1683182143,"os":"windows","subfunc":"Web管理","user_name":"[email protected]","user_type":"主帐号","type":"monitor","event_src":"console","datasource":"qtalert.log","event_type":"check","src_ip":"10.106.23.87","req_id":"2c7b0403308c44629064d35fe51f0fbe"},{"event_src":"console","region":"局域网","user_name":"[email 
protected]","user_type":"主帐号","return_code":200,"event_type":"check","event_name":"Linux-入侵检测-异常登录-查看事件信息","os":"linux","func":"入侵检测","src_ip":"10.106.23.88","req_id":"eb2944a8d43145809ddc87c4dbe35a57","datatime":1683182156,"action":"add","type":"monitor","subfunc":"异常登录","datatype":"system_audit","comid":"646e34364f4347765156","id":"6453524cdc242630ee16e621","datasource":"qtalert.log"},{"event_type":"check","event_name":"Windows-资产清点-站点管理-查看IIS站点信息","region":"局域网","req_id":"77cfaeeb7af14fd8a61d11494c99fef9","datasource":"qtalert.log","event_src":"console","subfunc":"站点管理","src_ip":"10.106.23.87","datatype":"system_audit","action":"add","os":"windows","func":"资产清点","datatime":1683182165,"type":"monitor","comid":"4f735647505558527031","id":"64535255dc242630ee16efa6","user_name":"[email protected]","user_type":"主帐号","return_code":200},{"datatype":"system_audit","action":"add","event_type":"check","event_name":"Linux-资产清点-主机资产-查看主机资产信息","subfunc":"主机资产","region":"局域网","req_id":"81cf2b6949e844b3b7847073b31e3ce2","datatime":1683182214,"id":"64535286dc242630ee16f1b1","event_src":"console","src_ip":"10.106.23.88","func":"资产清点","user_name":"[email protected]","type":"monitor","comid":"646e34364f4347765156","os":"linux","user_type":"主帐号","return_code":200,"datasource":"qtalert.log"},{"action":"add","type":"monitor","comid":"646e34364f4347765156","req_id":"5d5d5abe11bc4b6eaf5a66f6bdf62d6c","user_name":"[email 
protected]","datatype":"system_audit","datatime":1683182218,"event_name":"Linux-合规基线-凭证管理密码验证","subfunc":"合规基线","event_src":"console","func":"Linux","user_type":"主帐号","datasource":"qtalert.log","id":"6453528adc242630ee16f1b2","event_type":"auth","os":"linux","src_ip":"10.106.23.88","region":"局域网","return_code":200},{"user_type":"主帐号","comid":"646e34364f4347765156","id":"64535290dc242630ee16f1c2","event_name":"Linux-资产清点-主机资产-查看主机资产信息","event_src":"console","subfunc":"主机资产","datatime":1683182224,"action":"add","datasource":"qtalert.log","src_ip":"10.106.23.88","region":"局域网","req_id":"0bdfb3973f584eeeba11861d711d149e","user_name":"[email protected]","return_code":200,"datatype":"system_audit","type":"monitor","event_type":"check","os":"linux","func":"资产清点"},{"severity":2,"datatype":"evil_connect","agent_id":"6447946e55f89ff3","event_name":"恶意外联","event_content":"[恶意外联]发现主机(192.168.232.135)存在向(20.106.86.13美国)的网络连接","source_ip":"192.168.232.135","target_port":443,"group_name":"未分组主机","protocol":"TCP","create_time":"2023-05-04 06:51:01","url":"http://10.106.110.28/next/#/out-connect/alarm","source_port":54890,"internal_ip":"192.168.232.135","comid":"3948414b50687073324a","target_ip":"20.106.86.13","datasource":"qtalert.log","event_level":"alert","rule_name":"dfsdf","update_time":"2023-05-04 06:51:02","process_tree":"svchost.exe(1776)-\u0026gt;taskhostw.exe(796)","host_name":"DESKTOP-0FAOTBA","agent_ip":"192.168.232.135","event_type":"out_connect","group":2,"process_name":"taskhostw.exe","proc_path":"C:\\Windows\\System32\\taskhostw.exe","count":2},{"host_name":"DESKTOP-0FAOTBA","event_type":"out_connect","event_level":"alert","process_name":"taskhostw.exe","create_time":"2023-05-03 11:11:30","datasource":"qtalert.log","internal_ip":"192.168.232.135","agent_id":"6447946e55f89ff3","event_content":"[恶意外联]发现主机(192.168.232.135)存在向(settings-win.data.microsoft.com)的网络连接","target_ip":"settings-win.data.microsoft.com","severity":2,"update_time":"2023-05-04 
14:38:24","count":57,"agent_ip":"192.168.232.135","group":2,"event_name":"恶意外联","url":"http://10.106.110.28/next/#/out-connect/alarm","source_ip":"192.168.232.135","process_tree":"svchost.exe(1776)-\u0026gt;taskhostw.exe(8028)","datatype":"evil_connect","group_name":"未分组主机","comid":"3948414b50687073324a","proc_path":"C:\\Windows\\System32\\taskhostw.exe","rule_name":"dfsdf"},{"url":"http://10.106.110.28/next/#/out-connect/alarm","target_ip":"settings-win.data.microsoft.com","proc_path":"C:\\Windows\\System32\\taskhostw.exe","create_time":"2023-05-03 11:11:30","event_type":"out_connect","event_level":"alert","event_content":"[恶意外联]发现主机(192.168.232.135)存在向(settings-win.data.microsoft.com)的网络连接","process_name":"taskhostw.exe","severity":2,"internal_ip":"192.168.232.135","group":2,"event_name":"恶意外联","agent_id":"6447946e55f89ff3","source_ip":"192.168.232.135","update_time":"2023-05-04 14:38:24","count":58,"datatype":"evil_connect","host_name":"DESKTOP-0FAOTBA","group_name":"未分组主机","process_tree":"svchost.exe(1776)-\u0026gt;taskhostw.exe(8028)","datasource":"qtalert.log","agent_ip":"192.168.232.135","comid":"3948414b50687073324a","rule_name":"dfsdf"},{"agent_ip":"192.168.232.135","group":2,"event_type":"out_connect","event_name":"恶意外联","event_content":"[恶意外联]发现主机(192.168.232.135)存在向(settings-win.data.microsoft.com)的网络连接","rule_name":"dfsdf","host_name":"DESKTOP-0FAOTBA","event_level":"alert","source_ip":"192.168.232.135","process_name":"taskhostw.exe","update_time":"2023-05-04 13:17:48","datasource":"qtalert.log","comid":"3948414b50687073324a","url":"http://10.106.110.28/next/#/out-connect/alarm","proc_path":"C:\\Windows\\System32\\taskhostw.exe","count":56,"datatype":"evil_connect","internal_ip":"192.168.232.135","group_name":"未分组主机","agent_id":"6447946e55f89ff3","target_ip":"settings-win.data.microsoft.com","severity":2,"create_time":"2023-05-03 
11:11:30","process_tree":"svchost.exe(1776)-\u0026gt;taskhostw.exe(4664)"},{"process_name":"taskhostw.exe","proc_path":"C:\\Windows\\System32\\taskhostw.exe","host_name":"DESKTOP-0FAOTBA","event_content":"[恶意外联]发现主机(192.168.232.135)存在向(20.106.86.13美国)的网络连接","url":"http://10.106.110.28/next/#/out-connect/alarm","proc_cmd":"taskhostw.exe","event_type":"out_connect","target_ip":"20.106.86.13","count":3,"internal_ip":"192.168.232.135","source_port":54977,"comid":"3948414b50687073324a","agent_ip":"192.168.232.135","group":2,"event_level":"alert","event_name":"恶意外联","severity":2,"process_tree":"svchost.exe(1776)-\u0026gt;taskhostw.exe(8028)","datatype":"evil_connect","target_port":443,"create_time":"2023-05-04 06:51:01","group_name":"未分组主机","source_ip":"192.168.232.135","datasource":"qtalert.log","agent_id":"6447946e55f89ff3","rule_name":"dfsdf","update_time":"2023-05-04 14:38:23","protocol":"TCP"},{"update_time":"2023-05-04 14:38:25","count":4,"group":2,"group_name":"未分组主机","process_tree":"svchost.exe(1776)-\u0026gt;taskhostw.exe(8028)","datasource":"qtalert.log","source_ip":"192.168.232.135","protocol":"TCP","url":"http://10.106.110.28/next/#/out-connect/alarm","target_ip":"20.106.86.13","target_port":443,"event_level":"alert","event_name":"恶意外联","comid":"3948414b50687073324a","event_type":"out_connect","rule_name":"dfsdf","create_time":"2023-05-04 06:51:01","agent_ip":"192.168.232.135","internal_ip":"192.168.232.135","agent_id":"6447946e55f89ff3","source_port":54979,"process_name":"taskhostw.exe","datatype":"evil_connect","host_name":"DESKTOP-0FAOTBA","event_content":"[恶意外联]发现主机(192.168.232.135)存在向(20.106.86.13美国)的网络连接","proc_path":"C:\\Windows\\System32\\taskhostw.exe","severity":2},{"comid":"646e34364f4347765156","src_ip":"10.106.23.88","user_name":"[email 
protected]","req_id":"ac6e4a22603447b9a0686661b998aa03","return_code":200,"datatype":"system_audit","datatime":1683182309,"type":"monitor","subfunc":"合规基线","id":"645352e5dc242630ee16f1d8","event_type":"auth","func":"Linux","region":"局域网","user_type":"主帐号","datasource":"qtalert.log","action":"add","event_name":"Linux-合规基线-凭证管理密码验证","event_src":"console","os":"linux"},{"group":2,"comid":"3948414b50687073324a","event_content":"[恶意外联]发现主机(192.168.232.135)存在向(ctldl.windowsupdate.com)的网络连接","datatype":"evil_connect","host_name":"DESKTOP-0FAOTBA","agent_id":"6447946e55f89ff3","event_type":"out_connect","event_name":"恶意外联","url":"http://10.106.110.28/next/#/out-connect/alarm","source_ip":"192.168.232.135","target_ip":"ctldl.windowsupdate.com","agent_ip":"192.168.232.135","group_name":"未分组主机","create_time":"2023-05-03 11:12:31","update_time":"2023-05-04 14:09:56","count":35,"process_tree":"svchost.exe(3024)","rule_name":"dfsdf","severity":2,"process_name":"svchost.exe","internal_ip":"192.168.232.135","event_level":"alert","datasource":"qtalert.log","proc_path":"C:\\Windows\\System32\\svchost.exe","proc_cmd":"C:\\Windows\\system32\\svchost.exe -k NetworkService -p -s CryptSvc"},{"target_port":80,"count":1,"agent_id":"6447946e55f89ff3","severity":2,"comid":"3948414b50687073324a","proc_cmd":"C:\\Windows\\system32\\svchost.exe -k NetworkService -p -s CryptSvc","rule_name":"dfsdf","datatype":"evil_connect","agent_ip":"192.168.232.135","internal_ip":"192.168.232.135","target_ip":"123.6.106.1","group":2,"event_level":"alert","url":"http://10.106.110.28/next/#/out-connect/alarm","event_name":"恶意外联","process_name":"svchost.exe","process_tree":"svchost.exe(3024)","host_name":"DESKTOP-0FAOTBA","group_name":"未分组主机","update_time":"2023-05-04 14:39:23","source_ip":"192.168.232.135","source_port":54980,"protocol":"TCP","create_time":"2023-05-04 
14:39:23","datasource":"qtalert.log","event_type":"out_connect","event_content":"[恶意外联]发现主机(192.168.232.135)存在向(123.6.106.1中国,河南,郑州)的网络连接","proc_path":"C:\\Windows\\System32\\svchost.exe"},{"severity":2,"create_time":"2023-05-03 10:22:35","update_time":"2023-05-04 13:35:17","event_level":"alert","process_name":"taskhostw.exe","rule_name":"dfsdf","proc_path":"C:\\Windows\\System32\\taskhostw.exe","process_tree":"svchost.exe(1908)-\u0026gt;taskhostw.exe(5028)","datasource":"qtalert.log","datatype":"evil_connect","host_name":"DESKTOP-DVUFH8V","url":"http://10.106.110.28/next/#/out-connect/alarm","agent_id":"6447503c55f89fee","comid":"3948414b50687073324a","event_type":"out_connect","event_name":"恶意外联","target_ip":"settings-win.data.microsoft.com","agent_ip":"192.168.232.40","group_name":"未分组主机","group":2,"count":62,"internal_ip":"192.168.232.40","event_content":"[恶意外联]发现主机(192.168.232.40)存在向(settings-win.data.microsoft.com)的网络连接","source_ip":"192.168.232.40"},{"id":"64535338dc242630ee16f1ef","event_type":"check","datatype":"system_audit","action":"add","type":"monitor","comid":"646e34364f4347765156","user_type":"主帐号","datatime":1683182392,"event_src":"console","os":"linux","req_id":"ffb1cbc1db6847feaff911ef68806a0f","event_name":"Linux-资产清点-主机资产-查看主机资产信息","func":"资产清点","subfunc":"主机资产","src_ip":"10.106.23.77","region":"局域网","user_name":"[email protected]","return_code":200,"datasource":"qtalert.log"},{"return_code":200,"datasource":"qtalert.log","subfunc":"扫描任务","region":"局域网","comid":"646e34364f4347765156","id":"64535343dc242630ee16f1f7","user_name":"[email 
protected]","datatype":"system_audit","type":"monitor","event_src":"console","os":"general","user_type":"主帐号","datatime":1683182403,"event_type":"create","func":"文件完整性","src_ip":"10.106.23.77","req_id":"d5a7010ac79046afbef279df46888fb8","action":"add","event_name":"通用功能-文件完整性-扫描任务-创建任务"},{"port":22,"login_con_port":59750,"agent_id":"645331065b394485","os":"linux","internal_ip":"10.106.113.116","log_type":1,"src_ip":"10.106.23.88","pid":4456,"uname":"root","agent_ip":"10.106.113.116","host_name":"localhost.localdomain","group":70,"comid":"646e34364f4347765156","location":"局域网","login_type":"password","logout_reason":-1,"severity":0,"action":"add","group_name":"信创os兼容","type":"monitor","pname":"sshd","login_err_reason":-1,"datasource":"qtalert.log","datatype":"access_log","datatime":1683182415},{"log_type":1,"uname":"root","port":22,"logout_reason":-1,"agent_ip":"10.106.113.116","internal_ip":"10.106.113.116","action":"add","src_ip":"10.106.23.88","login_err_reason":-1,"datatype":"access_log","host_name":"localhost.localdomain","os":"linux","agent_id":"645331065b394485","location":"局域网","pname":"sshd","pid":4551,"login_con_port":59770,"severity":0,"type":"monitor","group":70,"login_type":"password","datasource":"qtalert.log","datatime":1683182422,"group_name":"信创os兼容","comid":"646e34364f4347765156"},{"datasource":"qtalert.log","datatime":1683182447,"event_name":"Linux-合规基线-凭证管理密码验证","user_name":"[email protected]","src_ip":"10.106.23.88","req_id":"c4af072aff40400db8978d2a7ace263d","event_type":"auth","os":"linux","func":"Linux","datatype":"system_audit","comid":"646e34364f4347765156","id":"6453536fdc242630ee16f1f8","subfunc":"合规基线","region":"局域网","user_type":"主帐号","return_code":200,"action":"add","type":"monitor","event_src":"console"},{"type":"monitor","event_type":"check","region":"局域网","user_name":"[email 
protected]","user_type":"主帐号","return_code":200,"datasource":"qtalert.log","datatype":"system_audit","src_ip":"10.106.23.87","req_id":"4b94b5c8adeb4e3db278d4d7c9cc3bec","id":"64535404dc242630ee16f209","event_src":"console","subfunc":"Agent管理","datatime":1683182596,"action":"add","comid":"4f735647505558527031","event_name":"通用功能-服务工具-Agent管理-查看Agent信息","os":"general","func":"服务工具"},{"req_id":"579435512ff2443c82e8ef6e25ac9d6b","id":"64535405dc242630ee16f20a","action":"add","comid":"4f735647505558527031","subfunc":"Agent管理","user_name":"[email protected]","datatype":"system_audit","event_type":"check","event_src":"console","os":"general","func":"服务工具","region":"局域网","return_code":200,"datatime":1683182597,"event_name":"通用功能-服务工具-Agent管理-查看Agent信息","src_ip":"10.106.23.87","user_type":"主帐号","datasource":"qtalert.log","type":"monitor"},{"agent_ip":"172.16.23.245","comid":"4f735647505558527031","os":"windows","location":"局域网","port":3389,"datatime":1683182628,"internal_ip":"172.16.23.245","agent_id":"64531ce25b394483","datatype":"access_log","host_name":"WIN-F8QAIC06VOK","group_name":"未分组主机","severity":0,"pname":"rdp","uname":"Administrator","login_con_port":-1,"datasource":"qtalert.log","action":"add","type":"monitor","group":2,"log_type":1,"src_ip":"10.106.23.87","logout_reason":-1},{"action":"add","event_src":"console","os":"general","subfunc":"扫描任务","req_id":"6e836c231cc74b11870bbb0d9c4ac0c5","type":"monitor","id":"64535455dc242630ee16f210","event_name":"通用功能-文件完整性-扫描任务-重新生成基准","user_name":"[email 
protected]","user_type":"主帐号","return_code":200,"datatime":1683182677,"src_ip":"10.106.23.77","region":"局域网","datasource":"qtalert.log","datatype":"system_audit","comid":"646e34364f4347765156","event_type":"execute","func":"文件完整性"},{"type":"monitor","comid":"646e34364f4347765156","src_ip":"10.106.23.88","pid":4551,"datatype":"access_log","host_name":"localhost.localdomain","group_name":"信创os兼容","severity":0,"port":22,"datatime":1683182765,"group":70,"agent_id":"645331065b394485","pname":"sshd","datasource":"qtalert.log","agent_ip":"10.106.113.116","internal_ip":"10.106.113.116","action":"add","os":"linux","login_err_reason":-1,"logout_reason":0,"log_type":2,"location":"局域网","uname":"root","login_con_port":-1},{"src_ip":"10.106.23.88","login_con_port":-1,"login_err_reason":-1,"agent_ip":"10.106.113.116","host_name":"localhost.localdomain","action":"add","group":70,"agent_id":"645331065b394485","datasource":"qtalert.log","group_name":"信创os兼容","port":22,"logout_reason":0,"type":"monitor","comid":"646e34364f4347765156","uname":"root","log_type":2,"location":"局域网","pname":"sshd","datatype":"access_log","datatime":1683182775,"internal_ip":"10.106.113.116","severity":0,"os":"linux","pid":4456},{"internal_ip":"192.168.232.40","event_content":"[恶意外联]发现主机(192.168.232.40)存在向(104.208.16.90美国)的网络连接","update_time":"2023-05-04 08:16:20","group":2,"source_port":62609,"proc_path":"C:\\Windows\\System32\\svchost.exe","datatype":"evil_connect","source_ip":"192.168.232.40","datasource":"qtalert.log","event_type":"out_connect","target_ip":"104.208.16.90","create_time":"2023-05-04 08:16:20","comid":"3948414b50687073324a","rule_name":"dfsdf","agent_ip":"192.168.232.40","host_name":"DESKTOP-DVUFH8V","agent_id":"6447503c55f89fee","target_port":443,"event_level":"alert","process_name":"svchost.exe","severity":2,"count":1,"group_name":"未分组主机","event_name":"恶意外联","url":"http://10.106.110.28/next/#/out-connect/alarm","protocol":"TCP","proc_cmd":"C:\\WINDOWS\\System32\\svchost.exe -k utcsvc 
-p","process_tree":"svchost.exe(3212)"},{"host_name":"DESKTOP-DVUFH8V","internal_ip":"192.168.232.40","source_ip":"192.168.232.40","target_ip":"v10.events.data.microsoft.com","proc_path":"C:\\Windows\\System32\\svchost.exe","proc_cmd":"C:\\WINDOWS\\System32\\svchost.exe -k utcsvc -p","severity":2,"datatype":"evil_connect","process_tree":"svchost.exe(3212)","group":2,"event_level":"alert","event_content":"[恶意外联]发现主机(192.168.232.40)存在向(v10.events.data.microsoft.com)的网络连接","process_name":"svchost.exe","count":81,"agent_ip":"192.168.232.40","datasource":"qtalert.log","group_name":"未分组主机","comid":"3948414b50687073324a","event_type":"out_connect","event_name":"恶意外联","url":"http://10.106.110.28/next/#/out-connect/alarm","rule_name":"dfsdf","create_time":"2023-05-03 10:46:20","update_time":"2023-05-04 14:16:21","agent_id":"6447503c55f89fee"},{"count":23,"host_name":"DESKTOP-DVUFH8V","internal_ip":"192.168.232.40","event_level":"alert","proc_path":"C:\\Windows\\System32\\svchost.exe","severity":2,"update_time":"2023-05-04 14:19:33","datatype":"evil_connect","group":2,"comid":"3948414b50687073324a","event_type":"out_connect","event_content":"[恶意外联]发现主机(192.168.232.40)存在向(array801.prod.do.dsp.mp.microsoft.com)的网络连接","proc_cmd":"C:\\WINDOWS\\System32\\svchost.exe -k NetworkService -p -s DoSvc","datasource":"qtalert.log","agent_ip":"192.168.232.40","event_name":"恶意外联","process_name":"svchost.exe","target_ip":"array801.prod.do.dsp.mp.microsoft.com","rule_name":"dfsdf","process_tree":"svchost.exe(4488)","group_name":"未分组主机","agent_id":"6447503c55f89fee","url":"http://10.106.110.28/next/#/out-connect/alarm","source_ip":"192.168.232.40","create_time":"2023-05-04 
04:54:09"},{"group":2,"agent_id":"6447503c55f89fee","process_name":"svchost.exe","source_ip":"192.168.232.40","datasource":"qtalert.log","internal_ip":"192.168.232.40","event_name":"恶意外联","url":"http://10.106.110.28/next/#/out-connect/alarm","host_name":"DESKTOP-DVUFH8V","rule_name":"dfsdf","process_tree":"svchost.exe(4488)","datatype":"evil_connect","event_level":"alert","count":23,"comid":"3948414b50687073324a","proc_cmd":"C:\\WINDOWS\\System32\\svchost.exe -k NetworkService -p -s DoSvc","proc_path":"C:\\Windows\\System32\\svchost.exe","group_name":"未分组主机","event_content":"[恶意外联]发现主机(192.168.232.40)存在向(40.91.80.89美国)的网络连接","source_port":62695,"agent_ip":"192.168.232.40","event_type":"out_connect","severity":2,"create_time":"2023-05-04 04:54:10","update_time":"2023-05-04 14:19:33","target_ip":"40.91.80.89","target_port":443,"protocol":"TCP"},{"datatype":"evil_connect","url":"http://10.106.110.28/next/#/out-connect/alarm","process_name":"svchost.exe","create_time":"2023-05-04 14:47:21","process_tree":"svchost.exe(3204)","datasource":"qtalert.log","agent_ip":"192.168.232.40","event_name":"恶意外联","event_content":"[恶意外联]发现主机(192.168.232.40)存在向(122.189.81.111中国,湖北,荆州)的网络连接","target_ip":"122.189.81.111","count":1,"target_port":80,"protocol":"TCP","proc_cmd":"C:\\WINDOWS\\system32\\svchost.exe -k NetworkService -p -s CryptSvc","update_time":"2023-05-04 14:47:21","comid":"3948414b50687073324a","rule_name":"dfsdf","host_name":"DESKTOP-DVUFH8V","source_port":62705,"proc_path":"C:\\Windows\\System32\\svchost.exe","severity":2,"internal_ip":"192.168.232.40","group_name":"未分组主机","agent_id":"6447503c55f89fee","event_type":"out_connect","event_level":"alert","source_ip":"192.168.232.40","group":2},{"group":2,"comid":"3948414b50687073324a","source_ip":"192.168.232.40","create_time":"2023-05-03 
10:47:21","count":22,"datasource":"qtalert.log","proc_path":"C:\\Windows\\System32\\svchost.exe","rule_name":"dfsdf","internal_ip":"192.168.232.40","group_name":"未分组主机","agent_id":"6447503c55f89fee","event_type":"out_connect","event_name":"恶意外联","event_content":"[恶意外联]发现主机(192.168.232.40)存在向(ctldl.windowsupdate.com)的网络连接","severity":2,"proc_cmd":"C:\\WINDOWS\\system32\\svchost.exe -k NetworkService -p -s CryptSvc","update_time":"2023-05-04 13:47:21","datatype":"evil_connect","agent_ip":"192.168.232.40","event_level":"alert","url":"http://10.106.110.28/next/#/out-connect/alarm","process_name":"svchost.exe","target_ip":"ctldl.windowsupdate.com","process_tree":"svchost.exe(3204)","host_name":"DESKTOP-DVUFH8V"},{"comid":"4f735647505558527031","event_src":"console","return_code":200,"event_name":"Windows-资产清点-Web管理-查看Web服务信息","func":"资产清点","subfunc":"Web管理","src_ip":"10.106.23.87","user_name":"[email protected]","datasource":"qtalert.log","action":"add","id":"64535566dc242630ee16f23a","event_type":"check","region":"局域网","req_id":"56524843fd0a4f2e9bf0fc82df62120e","datatype":"system_audit","datatime":1683182950,"type":"monitor","os":"windows","user_type":"主帐号"},{"type":"monitor","event_type":"check","event_src":"console","user_type":"主帐号","datatype":"system_audit","id":"6453556ddc242630ee16f23b","event_name":"Windows-资产清点-Web管理-查看Web服务信息","os":"windows","func":"资产清点","src_ip":"10.106.23.87","datasource":"qtalert.log","comid":"4f735647505558527031","req_id":"e6538841dcb145bca5bed26a07c487a9","user_name":"[email protected]","return_code":200,"datatime":1683182957,"subfunc":"Web管理","region":"局域网","action":"add"}]