Anotace datasetu c. 2¶

Table of contents
Anotace datasetu c. 2

Obecne¶

Dataset vytvoren pomoci prikazu:

mongoexport --db mentat --collection alerts --query '{DetectTime: {"$gte": {"$binary": "2v8fYAAAAAA=", "$type": "00"}, "$lt": {"$binary": "2whZ4AAAAAA=", "$type": "00"}}}' --sort '{DetectTime: 1}'

Měl by zhruba odpovídat tomuto:

https://mentat-hub.cesnet.cz/mentat/brief/calculate?brief_date=2016-06-06&brief_type=week&submit=Calculate
Zhruba znamená možný rozdíl v časovém posunu a možné rozdíly v porovnání na koncích – gt vs gte, lt vs lte.

Import:

mongoimport --db mentat --collection alerts --file mentat-alerts-2016-06-06T00-00-00-2016-06-13T00-00-00.mongoexport
od 2016-06-22T09:38:38.008+0200 do 2016-06-22T15:01:42.762+0200 - cca 5,5 hodiny

Stats¶

> db.alerts.stats()
        "ns" : "mentat.alerts",
        "count" : 8043378,
        "size" : 14531902549,
        "avgObjSize" : 1806,
        "storageSize" : 4541648896,
        "capped" : false,
        "wiredTiger" : {
                "metadata" : {
                        "formatVersion" : 1
                },
{

Category¶

> db.alerts.aggregate([{$group: {_id: "$Category", count: {$sum: 1}}}, {$sort: {count: -1}}], {allowDiskUse:true})

Nazev	Pocet
Recon.Scanning	7415750
Attempt.Login, Test	389841
Malware, Test	114782
Recon.Scanning, Test	34833
Attempt.Login	34677
Attempt.Exploit	11662
Anomaly.Traffic	9045
Fraud.Phishing, Test	8223
Intrusion.Botnet, Test	6193
Availability.DoS, Test	5907
Abusive.Spam	4409
Other, Test	2191
Availability.DoS	1877
Vulnerable.Config	1649
Intrusion.Botnet, Malware	724
Attempt.Exploit, Malware	598
Fraud.UnauthorizedUsage, Anomaly.Traffic, Test	353
information.UnauthorizedAccess, Test	312
Availibility.DDoS, Test	99
Recon	98
Intrusion.Botnet	44
Anomaly.Connection	31
Attempt.Exploit, Test	28
Availibility.DDoS	27
Intrusion.AdminCompromise, Test	25
Celkem	8 043 378

Node.Name¶

 db.alerts.aggregate([{$group: {_id: "$Node.Name", count: {$sum: 1}}}, {$sort: {count: -1}}], {allowDiskUse:true})

Nazev	Pocet
cz.cesnet.au1.warden_filer, cesnet.au1	5653846
cz.cesnet.hoststats	1112597
cz.vutbr.hpscan	392931
cz.cesnet.nemea.bruteforce	344896
cz.cesnet.nemea.hoststats	258953
cz.cesnet.supplier.intelmq	126510
cz.cesnet.metacentrum.nemea.bruteforce	32881
cz.cesnet.nemea.vportscan	31445
cz.cesnet.metacentrum.nemea.hoststats	17919
cz.tul.ward.dionaea	16559
cz.cesnet.ftas, cz.cesnet.gc15	8862
cz.nic.dionaea2	7053
cz.nic.dionaea1	6163
cz.cesnet.nemea.ipblacklist	5921
cz.uhk.apate.cowrie	4801
cz.cesnet.syslog.warden_filer, vinovago	4408
cz.cesnet.kryten.dionaea	4334
cz.uhk.apate.dionaea	4148
cz.tul.ward.kippo	3782
org.liberouter.collector_invea.flowmonads	3107
cz.nic.kippo	1078
cz.cesnet.au1.warden_filer, cz.cesnet.ext.x4	724
cz.cesnet.ftas, cz.cesnet.gc17	182
cz.cesnet.metacentrum.nemea.amplificationdetector	99
cz.muni.ics.csirt.honeyscan, cz.muni.ics.csirt.honeyscan	98
cz.cesnet.au1.warden_filer, cz.cesnet.ext.nsharp	35
cz.cesnet.nemea.amplificationdetector	27
cz.cesnet.au1.warden_filer, cz.cesnet.ext.x2	9
cz.cesnet.metacentrum.nemea.vportscan	9
cz.cesnet.au1.warden_filer, cz.cesnet.ext.uceprot	1
Celkem	8 043 378

Events per day (DetectTime)¶

$ events_per_day.sh

Nazev	Pocet
2016-06-06	1 327 705
2016-06-07	1 029 193
2016-06-08	1 047 337
2016-06-09	1 046 094
2016-06-10	1 082 369
2016-06-11	1 242 472
2016-06-12	1 268 208
Celkem	8 043 378
Průměr	1 149 054

IPv4 vs. IPv6¶

db.alerts.find({"Source.IP4":{"$exists":true}}).count()
db.alerts.find({"Target.IP4":{"$exists":true}}).count()
db.alerts.find({"Source.IP6":{"$exists":true}}).count()
db.alerts.find({"Target.IP6":{"$exists":true}}).count()
db.alerts.find({"$or":[{"Source.IP4":{"$exists":true}},{"Target.IP4":{"$exists":true}}]}).count()
db.alerts.find({"$and":[{"Source.IP4":{"$exists":true}},{"Target.IP4":{"$exists":true}}]}).count()
db.alerts.find({"$or":[{"Source.IP6":{"$exists":true}},{"Target.IP6":{"$exists":true}}]}).count()
db.alerts.find({"$and":[{"Source.IP6":{"$exists":true}},{"Target.IP6":{"$exists":true}}]}).count()

Nazev	Pocet
"Source.IP4":{"$exists":true}	8 013 779
"Target.IP4":{"$exists":true}	6 166 717
"Source.IP6":{"$exists":true}	164
"Target.IP6":{"$exists":true}	108
"Source.IP4":{"$exists":true} OR "Target.IP4":{"$exists":true}	8 043 075
"Source.IP4":{"$exists":true} AND "Target.IP4":{"$exists":true}	6 137 421
"Source.IP6":{"$exists":true} OR "Target.IP6":{"$exists":true}	167
"Source.IP6":{"$exists":true} AND "Target.IP6":{"$exists":true}	105

Source.IP4.ip - Top100¶

db.alerts.aggregate([{$group: {_id: "$Source.IP4.ip", count: {$sum: 1}}}, {$sort: {count: -1}}], {allowDiskUse:true})

Nazev	Pocet
217.23.5.2	141005
91.192.197.204	86733
93.174.93.94	86300
207.244.70.169	82304
217.23.5.21	71973
89.248.172.140	50882
84.22.2.142	43672
195.62.52.90	39799
77.247.181.162	39688
109.230.85.155	38140
80.82.70.198	38119
80.82.65.61	33369
71.6.135.131	31858
169.229.3.91	31297
46.234.125.89	30111
71.6.167.142	28137
104.40.234.225	25923
185.72.179.19	25191
null	24238
66.240.192.138	23182
66.240.236.119	22824
104.193.252.230	22367
198.20.69.98	22318
198.20.87.98	21988
66.240.219.146	21967
198.20.69.74	21911
71.6.158.166	21793
91.236.75.4	21398
71.6.165.200	20476
71.6.146.185	20285
164.132.110.97	19884
50.63.202.9	19745
216.243.31.2	17428
51.255.197.220	16844
87.98.190.53	16024
220.243.235.15	15538
82.135.32.210	15433
37.207.230.155	15297
46.100.58.85	14864
208.100.26.230	13857
208.100.26.231	13848
208.100.26.232	13653
208.100.26.229	13569
198.20.70.114	12285
188.138.1.218	12127
169.228.66.91	11905
198.20.99.130	11520
88.159.17.130	11147
96.228.211.79	10989
96.89.241.6	10304
82.221.105.7	9765
82.221.105.6	9735
31.44.191.229	9731
209.95.43.8	9699
198.27.69.222	8970
37.49.225.53	8868
186.2.161.93	8821
85.25.43.94	8745
122.226.213.231	8588
141.212.122.129	8551
157.255.26.0	8539
207.244.76.204	8516
91.197.232.85	8294
193.28.179.25	8179
94.102.48.194	7930
171.107.80.47	7854
91.238.228.137	7570
107.191.99.143	7252
213.85.82.154	7242
158.69.3.173	7202
185.56.82.62	6930
193.169.86.10	6923
195.13.201.232	6883
211.53.40.135	6544
143.215.130.109	6446
188.165.221.126	6378
37.49.225.33	6377
80.243.189.74	6263
54.187.64.26	6232
91.197.232.42	6038
2.20.188.161	6035
106.186.20.183	5792
149.56.41.159	5780
106.184.2.29	5779
140.205.19.33	5673
51.255.43.122	5670
66.198.127.126	5667
140.205.19.37	5661
139.196.66.151	5653
140.205.16.119	5645
91.224.160.75	5642
47.89.132.132	5585
106.186.31.135	5584
95.49.45.74	5574
47.88.64.193	5562
47.88.133.193	5559
47.89.65.19	5555
47.89.66.24	5555
91.224.160.10	5549
[]	5361
Celkem	1 823 455

Target.IP4.ip - Top100¶

db.alerts.aggregate([{$group: {_id: "$Target.IP4.ip", count: {$sum: 1}}}, {$sort: {count: -1}}], {allowDiskUse:true})

Nazev	Pocet
null	1486780
195.113.252.49	590652
195.113.252.177	478404
195.113.252.161	439044
195.113.252.33	428348
[ ]	389881
147.229.104.0	38193
217.31.192.0	14294
195.113.255.1	13540
195.113.253.1	13039
195.113.254.1	12004
78.128.253.1	11784
78.128.254.1	10992
195.113.254.5	10741
195.113.254.2	10503
78.128.255.1	10484
195.113.253.6	10414
195.113.252.3	10408
195.113.254.4	10385
195.113.254.6	10375
195.113.254.7	10337
195.113.252.2	10336
195.113.254.3	10321
195.113.253.3	10306
195.113.252.7	10278
195.113.252.6	10263
195.113.252.4	10171
195.113.253.5	10162
195.113.253.4	10125
195.113.252.5	10125
195.113.253.7	10121
195.113.253.2	10027
195.113.255.4	9759
195.113.255.2	9686
195.113.255.3	9681
195.113.255.6	9661
195.113.255.5	9619
195.113.165.128	8949
78.128.253.2	8233
78.128.254.2	8054
78.128.252.2	7840
78.128.255.2	7465
195.113.254.8	4671
78.104.177.26	4666
195.178.94.39	4622
195.113.252.8	4537
78.128.252.3	4358
195.113.0.0	4335
78.128.254.169	3836
195.113.255.181	3745
195.113.254.169	3730
147.230.185.94	3654
78.128.254.41	3429
147.230.121.151	3179
78.128.252.121	3096
78.128.252.147	3085
147.230.77.10	3074
147.230.97.230	2994
78.128.253.161	2984
78.128.253.152	2916
78.128.252.241	2885
78.128.252.225	2883
78.128.254.23	2882
195.113.252.94	2876
78.128.174.42	2857
78.128.252.52	2855
195.113.254.55	2854
195.113.254.106	2821
195.113.254.134	2816
147.230.89.232	2777
195.113.252.64	2762
195.113.254.146	2758
78.128.254.238	2756
195.113.255.138	2735
195.113.254.225	2709
195.113.254.0	2706
147.230.104.233	2688
195.113.252.90	2677
78.128.255.192	2654
78.128.253.0	2599
78.128.255.180	2548
78.128.255.79	2478
195.113.255.64	2454
195.113.255.23	2421
195.113.255.224	2377
78.128.252.151	2373
195.113.254.255	2369
195.113.255.28	2334
195.113.252.109	2326
195.113.255.123	2296
195.113.255.25	2286
195.113.255.187	2286
195.113.255.130	2274
195.113.255.210	2266
78.128.252.149	2242
195.113.255.170	2224
78.128.253.180	2193
78.128.252.57	2168
78.128.252.56	2164
78.128.252.59	2163
Celkem	4 380 487

Source.IP4.min - Top100¶

db.alerts.aggregate([{$group: {_id: "$Source.IP4.min", count: {$sum: 1}}}, {$sort: {count: -1}}], {allowDiskUse:true})

Nazev	Pocet
217.23.5.2	141005
91.192.197.204	86733
93.174.93.94	86300
207.244.70.169	82304
217.23.5.21	71973
89.248.172.140	50882
84.22.2.142	43672
195.62.52.90	39799
77.247.181.162	39688
109.230.85.155	38140
80.82.70.198	38119
80.82.65.61	33369
71.6.135.131	31858
169.229.3.91	31297
46.234.125.89	30111
71.6.167.142	28137
104.40.234.225	25923
185.72.179.19	25191
null	24238
66.240.192.138	23182
66.240.236.119	22824
104.193.252.230	22367
198.20.69.98	22318
198.20.87.98	21988
66.240.219.146	21967
198.20.69.74	21911
71.6.158.166	21793
91.236.75.4	21398
71.6.165.200	20476
71.6.146.185	20285
164.132.110.97	19884
50.63.202.9	19745
216.243.31.2	17428
51.255.197.220	16844
87.98.190.53	16024
220.243.235.15	15538
82.135.32.210	15433
37.207.230.155	15297
46.100.58.85	14864
208.100.26.230	13857
208.100.26.231	13848
208.100.26.232	13653
208.100.26.229	13569
198.20.70.114	12285
188.138.1.218	12127
169.228.66.91	11905
198.20.99.130	11520
88.159.17.130	11147
96.228.211.79	10989
96.89.241.6	10304
82.221.105.7	9765
82.221.105.6	9735
31.44.191.229	9731
209.95.43.8	9699
198.27.69.222	8970
37.49.225.53	8868
186.2.161.93	8821
85.25.43.94	8745
122.226.213.231	8588
141.212.122.129	8551
157.255.26.0	8539
207.244.76.204	8516
91.197.232.85	8294
193.28.179.25	8179
94.102.48.194	7930
171.107.80.47	7854
91.238.228.137	7570
107.191.99.143	7252
213.85.82.154	7242
158.69.3.173	7202
185.56.82.62	6930
193.169.86.10	6923
195.13.201.232	6883
211.53.40.135	6544
143.215.130.109	6446
188.165.221.126	6378
37.49.225.33	6377
80.243.189.74	6263
54.187.64.26	6232
91.197.232.42	6038
2.20.188.161	6035
106.186.20.183	5792
149.56.41.159	5780
106.184.2.29	5779
140.205.19.33	5673
51.255.43.122	5670
66.198.127.126	5667
140.205.19.37	5661
139.196.66.151	5653
140.205.16.119	5645
91.224.160.75	5642
47.89.132.132	5585
106.186.31.135	5584
95.49.45.74	5574
47.88.64.193	5562
47.88.133.193	5559
47.89.65.19	5555
47.89.66.24	5555
91.224.160.10	5549
[ ]	5361
Celkem	1 823 455

Source.IP4.max - Top100¶

db.alerts.aggregate([{$group: {_id: "$Source.IP4.max", count: {$sum: 1}}}, {$sort: {count: -1}}], {allowDiskUse:true})

Nazev	Pocet
217.23.5.2	141005
91.192.197.204	86733
93.174.93.94	86300
207.244.70.169	82304
217.23.5.21	71973
89.248.172.140	50882
84.22.2.142	43672
195.62.52.90	39799
77.247.181.162	39688
109.230.85.155	38140
80.82.70.198	38119
80.82.65.61	33369
71.6.135.131	31858
169.229.3.91	31297
46.234.125.89	30111
71.6.167.142	28137
104.40.234.225	25923
185.72.179.19	25191
null	24238
66.240.192.138	23182
66.240.236.119	22824
104.193.252.230	22367
198.20.69.98	22318
198.20.87.98	21988
66.240.219.146	21967
198.20.69.74	21911
71.6.158.166	21793
91.236.75.4	21398
71.6.165.200	20476
71.6.146.185	20285
164.132.110.97	19884
50.63.202.9	19745
216.243.31.2	17428
51.255.197.220	16844
87.98.190.53	16024
220.243.235.15	15538
82.135.32.210	15433
37.207.230.155	15297
46.100.58.85	14864
208.100.26.230	13857
208.100.26.231	13848
208.100.26.232	13653
208.100.26.229	13569
198.20.70.114	12285
188.138.1.218	12127
169.228.66.91	11905
198.20.99.130	11520
88.159.17.130	11147
96.228.211.79	10989
96.89.241.6	10304
82.221.105.7	9765
82.221.105.6	9735
31.44.191.229	9731
209.95.43.8	9699
198.27.69.222	8970
37.49.225.53	8868
186.2.161.93	8821
85.25.43.94	8745
122.226.213.231	8588
141.212.122.129	8551
157.255.26.0	8539
207.244.76.204	8516
91.197.232.85	8294
193.28.179.25	8179
94.102.48.194	7930
171.107.80.47	7854
91.238.228.137	7570
107.191.99.143	7252
213.85.82.154	7242
158.69.3.173	7202
185.56.82.62	6930
193.169.86.10	6923
195.13.201.232	6883
211.53.40.135	6544
143.215.130.109	6446
188.165.221.126	6378
37.49.225.33	6377
80.243.189.74	6263
54.187.64.26	6232
91.197.232.42	6038
2.20.188.161	6035
106.186.20.183	5792
149.56.41.159	5780
106.184.2.29	5779
140.205.19.33	5673
51.255.43.122	5670
66.198.127.126	5667
140.205.19.37	5661
139.196.66.151	5653
140.205.16.119	5645
91.224.160.75	5642
47.89.132.132	5585
106.186.31.135	5584
95.49.45.74	5574
47.88.64.193	5562
47.88.133.193	5559
47.89.65.19	5555
47.89.66.24	5555
91.224.160.10	5549
[ ]	5361
Celkem	1 823 455

Target.IP4.min - Top100¶

db.alerts.aggregate([{$group: {_id: "$Target.IP4.min", count: {$sum: 1}}}, {$sort: {count: -1}}], {allowDiskUse:true})

Nazev	Pocet
null	1486780
195.113.252.49	590652
195.113.252.177	478404
195.113.252.161	439044
195.113.252.33	428348
[ ]	389881
147.229.104.0	38193
217.31.192.0	14294
195.113.255.1	13540
195.113.253.1	13039
195.113.254.1	12004
78.128.253.1	11784
78.128.254.1	10992
195.113.254.5	10741
195.113.254.2	10503
78.128.255.1	10484
195.113.253.6	10414
195.113.252.3	10408
195.113.254.4	10385
195.113.254.6	10375
195.113.254.7	10337
195.113.252.2	10336
195.113.254.3	10321
195.113.253.3	10306
195.113.252.7	10278
195.113.252.6	10263
195.113.252.4	10171
195.113.253.5	10162
195.113.253.4	10125
195.113.252.5	10125
195.113.253.7	10121
195.113.253.2	10027
195.113.255.4	9759
195.113.255.2	9686
195.113.255.3	9681
195.113.255.6	9661
195.113.255.5	9619
195.113.165.128	8949
78.128.253.2	8233
78.128.254.2	8054
78.128.252.2	7840
78.128.255.2	7465
195.113.254.8	4671
78.104.177.26	4666
195.178.94.39	4622
195.113.252.8	4537
78.128.252.3	4358
195.113.0.0	4335
78.128.254.169	3836
195.113.255.181	3745
195.113.254.169	3730
147.230.185.94	3654
78.128.254.41	3429
147.230.121.151	3179
78.128.252.121	3096
78.128.252.147	3085
147.230.77.10	3074
147.230.97.230	2994
78.128.253.161	2984
78.128.253.152	2916
78.128.252.241	2885
78.128.252.225	2883
78.128.254.23	2882
195.113.252.94	2876
78.128.174.42	2857
78.128.252.52	2855
195.113.254.55	2854
195.113.254.106	2821
195.113.254.134	2816
147.230.89.232	2777
195.113.252.64	2762
195.113.254.146	2758
78.128.254.238	2756
195.113.255.138	2735
195.113.254.225	2709
195.113.254.0	2706
147.230.104.233	2688
195.113.252.90	2677
78.128.255.192	2654
78.128.253.0	2599
78.128.255.180	2548
78.128.255.79	2478
195.113.255.64	2454
195.113.255.23	2421
195.113.255.224	2377
78.128.252.151	2373
195.113.254.255	2369
195.113.255.28	2334
195.113.252.109	2326
195.113.255.123	2296
195.113.255.25	2286
195.113.255.187	2286
195.113.255.130	2274
195.113.255.210	2266
78.128.252.149	2242
195.113.255.170	2224
78.128.253.180	2193
78.128.252.57	2168
78.128.252.56	2164
78.128.252.59	2163
Celkem	4 380 487

Target.IP4.max - Top100¶

db.alerts.aggregate([{$group: {_id: "$Target.IP4.max", count: {$sum: 1}}}, {$sort: {count: -1}}], {allowDiskUse:true})

Nazev	Pocet
null	1486780
195.113.252.49	590652
195.113.252.177	478404
195.113.252.161	439044
195.113.252.33	428348
[ ]	389881
147.229.107.255	38397
217.31.207.255	14294
195.113.255.1	13540
195.113.253.1	13039
195.113.254.1	12004
78.128.253.1	11784
78.128.254.1	10992
195.113.254.5	10741
195.113.254.2	10503
78.128.255.1	10484
195.113.253.6	10414
195.113.252.3	10408
195.113.254.4	10385
195.113.254.6	10375
195.113.254.7	10337
195.113.252.2	10336
195.113.254.3	10321
195.113.253.3	10306
195.113.252.7	10278
195.113.252.6	10263
195.113.252.4	10171
195.113.253.5	10162
195.113.253.4	10125
195.113.252.5	10125
195.113.253.7	10121
195.113.253.2	10027
195.113.255.4	9759
195.113.255.2	9686
195.113.255.3	9681
195.113.255.6	9661
195.113.255.5	9619
195.113.165.255	8949
78.128.253.2	8233
78.128.254.2	8054
78.128.252.2	7840
78.128.255.2	7465
195.113.254.8	4671
78.104.177.26	4666
195.178.94.39	4622
195.113.252.8	4537
78.128.252.3	4358
195.113.255.255	4334
78.128.254.169	3836
195.113.255.181	3745
195.113.254.169	3730
147.230.185.94	3654
78.128.254.41	3429
147.230.121.151	3179
78.128.252.121	3096
78.128.252.147	3085
147.230.77.10	3074
147.230.97.230	2994
78.128.253.161	2984
78.128.253.152	2916
78.128.252.241	2885
78.128.252.225	2883
78.128.254.23	2882
195.113.252.94	2876
78.128.174.42	2857
78.128.252.52	2855
195.113.254.55	2854
195.113.254.106	2821
195.113.254.134	2816
147.230.89.232	2777
195.113.252.64	2762
195.113.254.146	2758
78.128.254.238	2756
195.113.255.138	2735
195.113.254.225	2709
195.113.254.0	2706
147.230.104.233	2688
195.113.252.90	2677
78.128.255.192	2654
78.128.253.0	2599
78.128.255.180	2548
78.128.255.79	2478
195.113.255.64	2454
195.113.255.23	2421
195.113.255.224	2377
78.128.252.151	2373
195.113.254.255	2369
195.113.255.28	2334
195.113.252.109	2326
195.113.255.123	2296
195.113.255.25	2286
195.113.255.187	2286
195.113.255.130	2274
195.113.255.210	2266
78.128.252.149	2242
195.113.255.170	2224
78.128.253.180	2193
78.128.252.57	2168
78.128.252.56	2164
78.128.252.59	2163
Celkem	4 380 690

Source.Port - Top100¶

db.alerts.aggregate([{$group: {_id: "$Source.Port", count: {$sum: 1}}}, {$sort: {count: -1}}], {allowDiskUse:true})

Nazev	Pocet
[ ]	2360479
80	206075
null	24238
22	22399
6000	19306
49970	11996
51278	11349
25	9876
12200	8394
9224	7381
55283	6823
51555	6821
58882	6805
53451	6767
47953	6723
46194	6710
44131	6464
40897	6452
40658	6435
43211	6391
56450	6356
48928	6297
12801	6048
12700	6011
12800	5985
12809	5982
49002	5945
55607	5722
4935	5550
55151	5524
12810	5514
12803	5486
12805	5484
12807	5460
12223	5424
53284	5345
12705	5027
12702	5018
12970	5015
12710	5009
12706	5008
12701	5008
12708	4999
12711	4993
12703	4991
12704	4986
443	4546
12812	4479
12804	4466
12806	4461
12802	4450
12709	4435
52873	4248
34680	4151
5900	4075
12722	3967
12808	3945
55449	3820
60000	3610
12811	3466
5000	3103
25565	3029
3389	2809
49717	2204
48880	2176
42861	2076
4445	1730
56063	1400
57642	1399
50352	1371
61819	1371
1168	1358
53	1318
36877	1301
8080	1274
50285	1271
55854	1271
55761	1255
58134	1250
55239	1244
60707	1238
50559	1235
55031	1227
57058	1226
51568	1223
52968	1219
25585	1213
53793	1205
57911	1204
52506	1193
50271	1191
1935	1173
44898	1163
1104	1157
52181	1125
45042	1121
47197	1120
32901	1114
40494	1113
40613	1106
Celkem	3 005 966

Target.Port - Top100¶

db.alerts.aggregate([{$group: {_id: "$Target.Port", count: {$sum: 1}}}, {$sort: {count: -1}}], {allowDiskUse:true})

Nazev	Pocet
null	1486780
23	1213801
[ ]	440436
922	422461
674	420805
666	416326
930	414714
22	313000
80	296965
3389	293347
5900	195960
53688	138619
443	112856
445	96364
8080	73013
5901	54462
17098	51535
1433	37012
25	31306
21	26059
3306	24016
6379	23441
21320	22448
33012	21806
110	20589
9200	19630
3128	18909
27017	16547
11211	15293
1604	12856
143	12415
8000	12239
139	11709
4028	11632
2222	11617
53	11374
81	10897
4899	10548
465	9883
3395	9426
9000	9375
5631	9242
5038	9010
3394	8538
161	8339
995	8299
10000	7740
1080	7144
8081	6762
548	6690
8888	6657
389	6509
5902	6448
992	6276
33268	6018
8090	5753
17090	5479
4022	5476
3396	5460
993	5365
502	5358
3390	5305
8088	5045
33389	4997
3333	4912
82	4815
5555	4748
8010	4727
88	4511
3391	4504
20000	4484
3392	4468
8443	4447
16842	4446
119	4444
3393	4258
6000	4204
7777	4143
4444	4136
3000	4132
8181	4087
175	3984
33260	3924
9080	3919
3388	3872
135	3825
5000	3804
9999	3746
5060	3732
8098	3621
8070	3500
2000	3450
444	3441
102	3406
6666	3404
3344	3349
1200	3342
18245	3304
5007	3292
1234	3282
Celkem	7 148 044

Files (0)

Project

General

Profile

Mentat

Wiki

Anotace datasetu c. 2¶

Obecne¶

Stats¶

Category¶

Node.Name¶

Events per day (DetectTime)¶

IPv4 vs. IPv6¶

Source.IP4.ip - Top100¶

Target.IP4.ip - Top100¶

Source.IP4.min - Top100¶

Source.IP4.max - Top100¶

Target.IP4.min - Top100¶

Target.IP4.max - Top100¶

Source.Port - Top100¶

Target.Port - Top100¶