diff --git a/.index.json b/.index.json index 1f0ec439a1e..7be8dc6c137 100644 --- a/.index.json +++ b/.index.json @@ -6379,7 +6379,7 @@ "crowdsecurity/endlessh-logs": { "path": "parsers/s01-parse/crowdsecurity/endlessh-logs.yaml", "stage": "s01-parse", - "version": "0.3", + "version": "0.5", "versions": { "0.1": { "digest": "dc1affad319badddf95ad1a16bf633b6fd70ed02db0e490dc0540eef47576f2a", @@ -6392,9 +6392,17 @@ "0.3": { "digest": "ebb816832a32b98dca8e15f402c30c1010cf5ad1ebc2b1f910f74f40fd115902", "deprecated": false + }, + "0.4": { + "digest": "c6ddcc2a112b82ad359243a7d8152c1caae47ddf3722b42af6be3b44f5fcb4e4", + "deprecated": false + }, + "0.5": { + "digest": "620c6dc58cb72a142a957f3d138ba68228281c031e27fd0a1aab2f8e2f6f093b", + "deprecated": false } }, - "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnZW5kbGVzc2gnIgpuYW1lOiBjcm93ZHNlY3VyaXR5L2VuZGxlc3NoLWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBFbmRsZXNzaCBsb2dzIgpwYXR0ZXJuX3N5bnRheDoKICBFTkRMRVNTSF9BQ0NFUFRfVjQ6ICIle1RJTUVTVEFNUF9JU084NjAxOnRpbWVzdGFtcH0/IEFDQ0VQVCBob3N0PSg6OmZmZmY6KT8le0lQVjQ6c291cmNlX2lwfSAiCiAgRU5ETEVTU0hfQUNDRVBUX1Y2OiAiJXtUSU1FU1RBTVBfSVNPODYwMTp0aW1lc3RhbXB9PyBBQ0NFUFQgaG9zdD0le0lQVjY6c291cmNlX2lwfSAiCm5vZGVzOgogIC0gZ3JvazoKICAgICAgbmFtZTogIkVORExFU1NIX0FDQ0VQVF9WNCIKICAgICAgYXBwbHlfb246IExpbmUuUmF3CiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGVuZGxlc3NoX2FjY2VwdAogIC0gZ3JvazoKICAgICAgbmFtZTogIkVORExFU1NIX0FDQ0VQVF9WNiIKICAgICAgYXBwbHlfb246IExpbmUuUmF3CiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IGVuZGxlc3NoX2FjY2VwdApzdGF0aWNzOgogIC0gbWV0YTogc2VydmljZQogICAgdmFsdWU6IGVuZGxlc3NoCiAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICBleHByZXNzaW9uOiBldnQuUGFyc2VkLnRpbWVzdGFtcAogIC0gbWV0YTogc291cmNlX2lwCiAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zb3VyY2VfaXAiCg==", + "content": "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", "description": "Parse Endlessh logs", "author": "crowdsecurity", "labels": null 
diff --git a/.tests/endlessh-logs/endlessh-logs.log b/.tests/endlessh-logs/endlessh-logs.log
index 675c1fdefd4..846a64d27ad 100644
--- a/.tests/endlessh-logs/endlessh-logs.log
+++ b/.tests/endlessh-logs/endlessh-logs.log
@@ -106,3 +106,6 @@
 2022-02-13T12:15:11.423Z TOTALS connects=708 seconds=33873.219 bytes=47321
 2022-02-13T12:17:31.839Z ACCEPT host=2001:db8:85a3:8d3:1319:8a2e:370:7348 port=54185 fd=4 n=1/4096
 2022-02-13T12:17:59.307Z CLOSE host=2001:db8:85a3:8d3:1319:8a2e:370:7348 port=54185 fd=4 time=20.020 bytes=25
+I0613 10:22:21.684962 1 client.go:58] ACCEPT host=192.168.121.1 port=53598 n=2/4096
+I0613 10:22:22.751686 1 client.go:99] CLOSE host=192.168.121.1 port=42922 time=13.00339604 bytes=199
+I0613 10:22:26.154722 1 client.go:58] ACCEPT host=192.168.121.1 port=53608 n=2/4096
diff --git a/.tests/endlessh-logs/parser.assert b/.tests/endlessh-logs/parser.assert
index 4100297e04e..a3ab70a7260 100644
--- a/.tests/endlessh-logs/parser.assert
+++ b/.tests/endlessh-logs/parser.assert
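Review bot: In the endlessh-logs.log hunk, the three added fixture lines cover only an IPv4 source (`192.168.121.1`) in the new `I0613 10:22:21.684962 1 client.go:58]` prefix format, so the IPv6 and `::ffff:`-mapped host forms that the older fixture lines exercise are never tested against the new prefix. Adding one ACCEPT sample of each form in the same prefix format, for example a constructed line such as `I0613 10:22:27.000000 1 client.go:58] ACCEPT host=2001:db8::1 port=53610 n=2/4096`, would show that `source_ip` is still extracted for them; a line the parser fails on silently produces no event for the detection stages. The new prefix also carries no year or time zone, so parser.assert should pin the timestamp these events resolve to. The updated grok patterns are not visible on this page, so both cases may already be handled.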
@@ -1,546 +1,672 @@ len(results) == 4 -len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 108 +len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 111 results["s00-raw"]["crowdsecurity/non-syslog"][0].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["message"] == "2022-02-13T10:09:11.521Z Port 22" results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][1].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["message"] == "2022-02-13T10:09:11.521Z Delay 10000" results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][2].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["message"] == "2022-02-13T10:09:11.521Z MaxLineLength 32" results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][3].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["message"] == "2022-02-13T10:09:11.521Z MaxClients 4096" 
results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][4].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["message"] == "2022-02-13T10:09:11.521Z BindFamily IPv4 Mapped IPv6" results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][5].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["message"] == "2022-02-13T10:42:17.813Z ACCEPT host=::ffff:193.142.146.42 port=39590 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][6].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["message"] == "2022-02-13T10:42:37.830Z CLOSE host=::ffff:193.142.146.42 port=39590 fd=4 time=20.017 bytes=20" results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Meta["datasource_type"] == "file" 
+results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][7].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Parsed["message"] == "2022-02-13T10:46:27.775Z ACCEPT host=::ffff:49.88.112.72 port=61899 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][8].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][8].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][8].Evt.Parsed["message"] == "2022-02-13T10:46:47.779Z CLOSE host=::ffff:49.88.112.72 port=61899 fd=4 time=20.004 bytes=29" +results["s00-raw"]["crowdsecurity/non-syslog"][8].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][8].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][8].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][8].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][9].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][9].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][9].Evt.Parsed["message"] == "2022-02-13T10:51:01.559Z ACCEPT host=::ffff:49.88.112.72 port=24936 fd=4 n=1/4096" +results["s00-raw"]["crowdsecurity/non-syslog"][9].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][9].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][9].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][9].Evt.Whitelisted == false 
results["s00-raw"]["crowdsecurity/non-syslog"][10].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][10].Evt.Parsed["message"] == "2022-02-13T10:51:21.578Z CLOSE host=::ffff:49.88.112.72 port=24936 fd=4 time=20.019 bytes=16" results["s00-raw"]["crowdsecurity/non-syslog"][10].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][10].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][10].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][10].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][11].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][11].Evt.Parsed["message"] == "2022-02-13T10:53:05.206Z ACCEPT host=::ffff:49.88.112.72 port=44350 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][11].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][11].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][11].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][11].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][12].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][12].Evt.Parsed["message"] == "2022-02-13T10:53:25.223Z CLOSE host=::ffff:49.88.112.72 port=44350 fd=4 time=20.017 bytes=6" results["s00-raw"]["crowdsecurity/non-syslog"][12].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][12].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][12].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][12].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][13].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][13].Evt.Parsed["message"] == "2022-02-13T10:55:56.131Z ACCEPT host=::ffff:49.88.112.72 port=49461 fd=4 n=1/4096" 
results["s00-raw"]["crowdsecurity/non-syslog"][13].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][13].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][13].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][13].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][14].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][14].Evt.Parsed["message"] == "2022-02-13T10:56:16.151Z CLOSE host=::ffff:49.88.112.72 port=49461 fd=4 time=20.020 bytes=21" results["s00-raw"]["crowdsecurity/non-syslog"][14].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][14].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][14].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][14].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][15].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][15].Evt.Parsed["message"] == "2022-02-13T10:57:18.739Z ACCEPT host=::ffff:49.88.112.72 port=46254 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][15].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][15].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][15].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][15].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][16].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][16].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][16].Evt.Parsed["message"] == "2022-02-13T10:57:38.754Z CLOSE host=::ffff:49.88.112.72 port=46254 fd=4 time=20.015 bytes=29" +results["s00-raw"]["crowdsecurity/non-syslog"][16].Evt.Parsed["program"] == "endlessh" 
results["s00-raw"]["crowdsecurity/non-syslog"][16].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][16].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][16].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][17].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][17].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][17].Evt.Parsed["message"] == "2022-02-13T11:01:37.741Z ACCEPT host=::ffff:49.88.112.72 port=55150 fd=4 n=1/4096" +results["s00-raw"]["crowdsecurity/non-syslog"][17].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][17].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][17].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][17].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][18].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][18].Evt.Parsed["message"] == "2022-02-13T11:01:50.846Z ACCEPT host=::ffff:49.88.112.72 port=43330 fd=5 n=2/4096" results["s00-raw"]["crowdsecurity/non-syslog"][18].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][18].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][18].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][18].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][19].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][19].Evt.Parsed["message"] == "2022-02-13T11:01:57.745Z CLOSE host=::ffff:49.88.112.72 port=55150 fd=4 time=20.004 bytes=8" results["s00-raw"]["crowdsecurity/non-syslog"][19].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][19].Evt.Meta["datasource_path"] == "endlessh-logs.log" 
results["s00-raw"]["crowdsecurity/non-syslog"][19].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][19].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][20].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][20].Evt.Parsed["message"] == "2022-02-13T11:02:10.858Z CLOSE host=::ffff:49.88.112.72 port=43330 fd=5 time=20.012 bytes=18" results["s00-raw"]["crowdsecurity/non-syslog"][20].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][20].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][20].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][20].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][21].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][21].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][21].Evt.Parsed["message"] == "2022-02-13T11:02:12.588Z ACCEPT host=::ffff:49.88.112.72 port=19851 fd=4 n=1/4096" +results["s00-raw"]["crowdsecurity/non-syslog"][21].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][21].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][21].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][21].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][22].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][22].Evt.Parsed["message"] == "2022-02-13T11:02:32.608Z CLOSE host=::ffff:49.88.112.72 port=19851 fd=4 time=20.020 bytes=12" results["s00-raw"]["crowdsecurity/non-syslog"][22].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][22].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][22].Evt.Meta["datasource_type"] == "file" 
+results["s00-raw"]["crowdsecurity/non-syslog"][22].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][23].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][23].Evt.Parsed["message"] == "2022-02-13T11:03:19.438Z ACCEPT host=::ffff:49.88.112.72 port=30884 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][23].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][23].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][23].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][23].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][24].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][24].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][24].Evt.Parsed["message"] == "2022-02-13T11:03:39.451Z CLOSE host=::ffff:49.88.112.72 port=30884 fd=4 time=20.013 bytes=18" +results["s00-raw"]["crowdsecurity/non-syslog"][24].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][24].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][24].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][24].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][25].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][25].Evt.Parsed["message"] == "2022-02-13T11:04:54.637Z ACCEPT host=::ffff:49.88.112.72 port=43360 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][25].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][25].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][25].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][25].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][26].Success == true 
results["s00-raw"]["crowdsecurity/non-syslog"][26].Evt.Parsed["message"] == "2022-02-13T11:05:14.657Z CLOSE host=::ffff:49.88.112.72 port=43360 fd=4 time=20.020 bytes=17" results["s00-raw"]["crowdsecurity/non-syslog"][26].Evt.Parsed["program"] == "endlessh" -results["s00-raw"]["crowdsecurity/non-syslog"][26].Evt.Meta["datasource_type"] == "file" results["s00-raw"]["crowdsecurity/non-syslog"][26].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][26].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][26].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][27].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][27].Evt.Parsed["message"] == "2022-02-13T11:06:25.446Z ACCEPT host=::ffff:49.88.112.72 port=42068 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][27].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][27].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][27].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][27].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][28].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][28].Evt.Parsed["message"] == "2022-02-13T11:06:45.457Z CLOSE host=::ffff:49.88.112.72 port=42068 fd=4 time=20.011 bytes=20" results["s00-raw"]["crowdsecurity/non-syslog"][28].Evt.Parsed["program"] == "endlessh" -results["s00-raw"]["crowdsecurity/non-syslog"][28].Evt.Meta["datasource_type"] == "file" results["s00-raw"]["crowdsecurity/non-syslog"][28].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][28].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][28].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][29].Success == true 
-results["s00-raw"]["crowdsecurity/non-syslog"][29].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][29].Evt.Parsed["message"] == "2022-02-13T11:08:37.791Z ACCEPT host=::ffff:49.88.112.72 port=54567 fd=4 n=1/4096" +results["s00-raw"]["crowdsecurity/non-syslog"][29].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][29].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][29].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][29].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][30].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][30].Evt.Parsed["message"] == "2022-02-13T11:08:57.794Z CLOSE host=::ffff:49.88.112.72 port=54567 fd=4 time=20.003 bytes=27" results["s00-raw"]["crowdsecurity/non-syslog"][30].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][30].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][30].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][30].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][31].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][31].Evt.Parsed["message"] == "2022-02-13T11:09:44.393Z ACCEPT host=::ffff:49.88.112.72 port=34132 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][31].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][31].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][31].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][31].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][32].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][32].Evt.Parsed["message"] == "2022-02-13T11:10:04.404Z CLOSE host=::ffff:49.88.112.72 port=34132 fd=4 
time=20.011 bytes=4" results["s00-raw"]["crowdsecurity/non-syslog"][32].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][32].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][32].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][32].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][33].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][33].Evt.Parsed["message"] == "2022-02-13T11:11:02.770Z ACCEPT host=::ffff:49.88.112.72 port=60016 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][33].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][33].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][33].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][33].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][34].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][34].Evt.Parsed["message"] == "2022-02-13T11:11:22.787Z CLOSE host=::ffff:49.88.112.72 port=60016 fd=4 time=20.017 bytes=22" results["s00-raw"]["crowdsecurity/non-syslog"][34].Evt.Parsed["program"] == "endlessh" -results["s00-raw"]["crowdsecurity/non-syslog"][34].Evt.Meta["datasource_type"] == "file" results["s00-raw"]["crowdsecurity/non-syslog"][34].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][34].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][34].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][35].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][35].Evt.Parsed["message"] == "2022-02-13T11:14:19.500Z ACCEPT host=::ffff:49.88.112.72 port=53678 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][35].Evt.Parsed["program"] == "endlessh" 
results["s00-raw"]["crowdsecurity/non-syslog"][35].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][35].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][35].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][36].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][36].Evt.Parsed["message"] == "2022-02-13T11:14:39.514Z CLOSE host=::ffff:49.88.112.72 port=53678 fd=4 time=20.014 bytes=23" results["s00-raw"]["crowdsecurity/non-syslog"][36].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][36].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][36].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][36].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][37].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][37].Evt.Parsed["message"] == "2022-02-13T11:17:17.528Z ACCEPT host=::ffff:49.88.112.72 port=31454 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][37].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][37].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][37].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][37].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][38].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][38].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][38].Evt.Parsed["message"] == "2022-02-13T11:17:37.532Z CLOSE host=::ffff:49.88.112.72 port=31454 fd=4 time=20.004 bytes=32" +results["s00-raw"]["crowdsecurity/non-syslog"][38].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][38].Evt.Meta["datasource_path"] == "endlessh-logs.log" 
results["s00-raw"]["crowdsecurity/non-syslog"][38].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][38].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][39].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][39].Evt.Parsed["message"] == "2022-02-13T11:18:44.156Z ACCEPT host=::ffff:49.88.112.72 port=16564 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][39].Evt.Parsed["program"] == "endlessh" -results["s00-raw"]["crowdsecurity/non-syslog"][39].Evt.Meta["datasource_type"] == "file" results["s00-raw"]["crowdsecurity/non-syslog"][39].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][39].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][39].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][40].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][40].Evt.Parsed["message"] == "2022-02-13T11:19:04.175Z CLOSE host=::ffff:49.88.112.72 port=16564 fd=4 time=20.019 bytes=20" results["s00-raw"]["crowdsecurity/non-syslog"][40].Evt.Parsed["program"] == "endlessh" -results["s00-raw"]["crowdsecurity/non-syslog"][40].Evt.Meta["datasource_type"] == "file" results["s00-raw"]["crowdsecurity/non-syslog"][40].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][40].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][40].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][41].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][41].Evt.Parsed["message"] == "2022-02-13T11:21:17.441Z ACCEPT host=::ffff:165.232.112.160 port=57056 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][41].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][41].Evt.Meta["datasource_path"] == "endlessh-logs.log" 
results["s00-raw"]["crowdsecurity/non-syslog"][41].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][41].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][42].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][42].Evt.Parsed["message"] == "2022-02-13T11:21:37.450Z CLOSE host=::ffff:165.232.112.160 port=57056 fd=4 time=20.009 bytes=3" results["s00-raw"]["crowdsecurity/non-syslog"][42].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][42].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][42].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][42].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][43].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][43].Evt.Parsed["message"] == "2022-02-13T11:22:29.229Z ACCEPT host=::ffff:49.88.112.72 port=40785 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][43].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][43].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][43].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][43].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][44].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][44].Evt.Parsed["message"] == "2022-02-13T11:22:49.246Z CLOSE host=::ffff:49.88.112.72 port=40785 fd=4 time=20.017 bytes=14" results["s00-raw"]["crowdsecurity/non-syslog"][44].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][44].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][44].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][44].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][45].Success == 
true -results["s00-raw"]["crowdsecurity/non-syslog"][45].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][45].Evt.Parsed["message"] == "2022-02-13T11:23:25.867Z ACCEPT host=::ffff:49.88.112.72 port=17785 fd=4 n=1/4096" +results["s00-raw"]["crowdsecurity/non-syslog"][45].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][45].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][45].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][45].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][46].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][46].Evt.Parsed["message"] == "2022-02-13T11:23:45.877Z CLOSE host=::ffff:49.88.112.72 port=17785 fd=4 time=20.010 bytes=24" results["s00-raw"]["crowdsecurity/non-syslog"][46].Evt.Parsed["program"] == "endlessh" -results["s00-raw"]["crowdsecurity/non-syslog"][46].Evt.Meta["datasource_type"] == "file" results["s00-raw"]["crowdsecurity/non-syslog"][46].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][46].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][46].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][47].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][47].Evt.Parsed["message"] == "2022-02-13T11:24:55.313Z ACCEPT host=::ffff:49.88.112.72 port=45482 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][47].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][47].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][47].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][47].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][48].Success == true 
results["s00-raw"]["crowdsecurity/non-syslog"][48].Evt.Parsed["message"] == "2022-02-13T11:25:15.324Z CLOSE host=::ffff:49.88.112.72 port=45482 fd=4 time=20.011 bytes=7" results["s00-raw"]["crowdsecurity/non-syslog"][48].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][48].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][48].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][48].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][49].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][49].Evt.Parsed["message"] == "2022-02-13T11:26:32.620Z ACCEPT host=::ffff:49.88.112.72 port=25911 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][49].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][49].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][49].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][49].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][50].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][50].Evt.Parsed["message"] == "2022-02-13T11:26:52.636Z CLOSE host=::ffff:49.88.112.72 port=25911 fd=4 time=20.016 bytes=19" results["s00-raw"]["crowdsecurity/non-syslog"][50].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][50].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][50].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][50].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][51].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][51].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][51].Evt.Parsed["message"] == "2022-02-13T11:31:02.471Z ACCEPT host=::ffff:49.88.112.72 port=54164 
fd=4 n=1/4096" +results["s00-raw"]["crowdsecurity/non-syslog"][51].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][51].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][51].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][51].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][52].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][52].Evt.Parsed["message"] == "2022-02-13T11:31:22.486Z CLOSE host=::ffff:49.88.112.72 port=54164 fd=4 time=20.015 bytes=29" results["s00-raw"]["crowdsecurity/non-syslog"][52].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][52].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][52].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][52].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][53].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][53].Evt.Parsed["message"] == "2022-02-13T11:33:08.053Z ACCEPT host=::ffff:49.88.112.72 port=56498 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][53].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][53].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][53].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][53].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][54].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][54].Evt.Parsed["message"] == "2022-02-13T11:33:28.070Z CLOSE host=::ffff:49.88.112.72 port=56498 fd=4 time=20.017 bytes=21" results["s00-raw"]["crowdsecurity/non-syslog"][54].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][54].Evt.Meta["datasource_path"] == "endlessh-logs.log" 
results["s00-raw"]["crowdsecurity/non-syslog"][54].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][54].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][55].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][55].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][55].Evt.Parsed["message"] == "2022-02-13T11:34:11.826Z ACCEPT host=::ffff:49.88.112.72 port=46301 fd=4 n=1/4096" +results["s00-raw"]["crowdsecurity/non-syslog"][55].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][55].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][55].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][55].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][56].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][56].Evt.Parsed["message"] == "2022-02-13T11:34:31.839Z CLOSE host=::ffff:49.88.112.72 port=46301 fd=4 time=20.013 bytes=31" results["s00-raw"]["crowdsecurity/non-syslog"][56].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][56].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][56].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][56].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][57].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][57].Evt.Parsed["message"] == "2022-02-13T11:35:59.307Z ACCEPT host=::ffff:49.88.112.72 port=39949 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][57].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][57].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][57].Evt.Meta["datasource_type"] == "file" 
+results["s00-raw"]["crowdsecurity/non-syslog"][57].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][58].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][58].Evt.Parsed["message"] == "2022-02-13T11:36:19.324Z CLOSE host=::ffff:49.88.112.72 port=39949 fd=4 time=20.017 bytes=16" results["s00-raw"]["crowdsecurity/non-syslog"][58].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][58].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][58].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][58].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][59].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][59].Evt.Parsed["message"] == "2022-02-13T11:37:11.459Z ACCEPT host=::ffff:49.88.112.72 port=19005 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][59].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][59].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][59].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][59].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][60].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][60].Evt.Parsed["message"] == "2022-02-13T11:37:31.475Z CLOSE host=::ffff:49.88.112.72 port=19005 fd=4 time=20.016 bytes=17" results["s00-raw"]["crowdsecurity/non-syslog"][60].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][60].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][60].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][60].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][61].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][61].Evt.Parsed["program"] == "endlessh" 
results["s00-raw"]["crowdsecurity/non-syslog"][61].Evt.Parsed["message"] == "2022-02-13T11:39:14.349Z ACCEPT host=::ffff:49.88.112.72 port=52296 fd=4 n=1/4096" +results["s00-raw"]["crowdsecurity/non-syslog"][61].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][61].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][61].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][61].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][62].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][62].Evt.Parsed["message"] == "2022-02-13T11:39:34.367Z CLOSE host=::ffff:49.88.112.72 port=52296 fd=4 time=20.018 bytes=11" results["s00-raw"]["crowdsecurity/non-syslog"][62].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][62].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][62].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][62].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][63].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][63].Evt.Parsed["message"] == "2022-02-13T11:40:27.877Z ACCEPT host=::ffff:49.88.112.72 port=42606 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][63].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][63].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][63].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][63].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][64].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][64].Evt.Parsed["message"] == "2022-02-13T11:40:47.892Z CLOSE host=::ffff:49.88.112.72 port=42606 fd=4 time=20.015 bytes=19" 
results["s00-raw"]["crowdsecurity/non-syslog"][64].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][64].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][64].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][64].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][65].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][65].Evt.Parsed["message"] == "2022-02-13T11:41:51.108Z ACCEPT host=::ffff:49.88.112.72 port=61157 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][65].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][65].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][65].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][65].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][66].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][66].Evt.Parsed["message"] == "2022-02-13T11:42:11.126Z CLOSE host=::ffff:49.88.112.72 port=61157 fd=4 time=20.018 bytes=12" results["s00-raw"]["crowdsecurity/non-syslog"][66].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][66].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][66].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][66].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][67].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][67].Evt.Parsed["message"] == "2022-02-13T11:44:54.352Z ACCEPT host=::ffff:49.88.112.72 port=34267 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][67].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][67].Evt.Meta["datasource_path"] == "endlessh-logs.log" 
results["s00-raw"]["crowdsecurity/non-syslog"][67].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][67].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][68].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][68].Evt.Parsed["message"] == "2022-02-13T11:44:56.120Z ACCEPT host=::ffff:141.98.11.27 port=59032 fd=5 n=2/4096" results["s00-raw"]["crowdsecurity/non-syslog"][68].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][68].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][68].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][68].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][69].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][69].Evt.Parsed["message"] == "2022-02-13T11:45:14.365Z CLOSE host=::ffff:49.88.112.72 port=34267 fd=4 time=20.013 bytes=5" results["s00-raw"]["crowdsecurity/non-syslog"][69].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][69].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][69].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][69].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][70].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][70].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][70].Evt.Parsed["message"] == "2022-02-13T11:45:16.124Z CLOSE host=::ffff:141.98.11.27 port=59032 fd=5 time=20.004 bytes=22" +results["s00-raw"]["crowdsecurity/non-syslog"][70].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][70].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][70].Evt.Meta["datasource_type"] == "file" 
+results["s00-raw"]["crowdsecurity/non-syslog"][70].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][71].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][71].Evt.Parsed["message"] == "2022-02-13T11:46:41.715Z ACCEPT host=::ffff:49.88.112.72 port=49347 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][71].Evt.Parsed["program"] == "endlessh" -results["s00-raw"]["crowdsecurity/non-syslog"][71].Evt.Meta["datasource_type"] == "file" results["s00-raw"]["crowdsecurity/non-syslog"][71].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][71].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][71].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][72].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][72].Evt.Parsed["message"] == "2022-02-13T11:47:01.730Z CLOSE host=::ffff:49.88.112.72 port=49347 fd=4 time=20.015 bytes=20" results["s00-raw"]["crowdsecurity/non-syslog"][72].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][72].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][72].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][72].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][73].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][73].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][73].Evt.Parsed["message"] == "2022-02-13T11:47:58.463Z ACCEPT host=::ffff:49.88.112.72 port=54927 fd=4 n=1/4096" +results["s00-raw"]["crowdsecurity/non-syslog"][73].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][73].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][73].Evt.Meta["datasource_type"] == "file" 
+results["s00-raw"]["crowdsecurity/non-syslog"][73].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][74].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][74].Evt.Parsed["message"] == "2022-02-13T11:48:18.475Z CLOSE host=::ffff:49.88.112.72 port=54927 fd=4 time=20.012 bytes=24" results["s00-raw"]["crowdsecurity/non-syslog"][74].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][74].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][74].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][74].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][75].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][75].Evt.Parsed["message"] == "2022-02-13T11:49:31.344Z ACCEPT host=::ffff:49.88.112.72 port=12208 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][75].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][75].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][75].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][75].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][76].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][76].Evt.Parsed["message"] == "2022-02-13T11:49:51.361Z CLOSE host=::ffff:49.88.112.72 port=12208 fd=4 time=20.017 bytes=32" results["s00-raw"]["crowdsecurity/non-syslog"][76].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][76].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][76].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][76].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][77].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][77].Evt.Parsed["message"] == 
"2022-02-13T11:51:35.252Z ACCEPT host=::ffff:212.192.246.173 port=35630 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][77].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][77].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][77].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][77].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][78].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][78].Evt.Parsed["message"] == "2022-02-13T11:51:35.359Z ACCEPT host=::ffff:49.88.112.72 port=62525 fd=5 n=2/4096" results["s00-raw"]["crowdsecurity/non-syslog"][78].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][78].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][78].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][78].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][79].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][79].Evt.Parsed["message"] == "2022-02-13T11:51:55.265Z CLOSE host=::ffff:212.192.246.173 port=35630 fd=4 time=20.013 bytes=11" results["s00-raw"]["crowdsecurity/non-syslog"][79].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][79].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][79].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][79].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][80].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][80].Evt.Parsed["message"] == "2022-02-13T11:51:55.359Z CLOSE host=::ffff:49.88.112.72 port=62525 fd=5 time=20.000 bytes=5" results["s00-raw"]["crowdsecurity/non-syslog"][80].Evt.Parsed["program"] == "endlessh" 
results["s00-raw"]["crowdsecurity/non-syslog"][80].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][80].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][80].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][81].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][81].Evt.Parsed["message"] == "2022-02-13T11:52:44.396Z ACCEPT host=::ffff:49.88.112.72 port=19429 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][81].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][81].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][81].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][81].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][82].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][82].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][82].Evt.Parsed["message"] == "2022-02-13T11:53:04.417Z CLOSE host=::ffff:49.88.112.72 port=19429 fd=4 time=20.021 bytes=18" +results["s00-raw"]["crowdsecurity/non-syslog"][82].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][82].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][82].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][82].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][83].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][83].Evt.Parsed["message"] == "2022-02-13T11:54:17.557Z ACCEPT host=::ffff:49.88.112.72 port=19439 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][83].Evt.Parsed["program"] == "endlessh" -results["s00-raw"]["crowdsecurity/non-syslog"][83].Evt.Meta["datasource_type"] == "file" 
results["s00-raw"]["crowdsecurity/non-syslog"][83].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][83].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][83].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][84].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][84].Evt.Parsed["message"] == "2022-02-13T11:54:37.575Z CLOSE host=::ffff:49.88.112.72 port=19439 fd=4 time=20.018 bytes=28" results["s00-raw"]["crowdsecurity/non-syslog"][84].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][84].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][84].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][84].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][85].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][85].Evt.Parsed["message"] == "2022-02-13T11:56:13.717Z ACCEPT host=::ffff:49.88.112.72 port=10422 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][85].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][85].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][85].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][85].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][86].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][86].Evt.Parsed["message"] == "2022-02-13T11:56:33.734Z CLOSE host=::ffff:49.88.112.72 port=10422 fd=4 time=20.017 bytes=8" results["s00-raw"]["crowdsecurity/non-syslog"][86].Evt.Parsed["program"] == "endlessh" -results["s00-raw"]["crowdsecurity/non-syslog"][86].Evt.Meta["datasource_type"] == "file" results["s00-raw"]["crowdsecurity/non-syslog"][86].Evt.Meta["datasource_path"] == "endlessh-logs.log" 
+results["s00-raw"]["crowdsecurity/non-syslog"][86].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][86].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][87].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][87].Evt.Parsed["message"] == "2022-02-13T11:57:16.679Z ACCEPT host=::ffff:49.88.112.72 port=50896 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][87].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][87].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][87].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][87].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][88].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][88].Evt.Parsed["message"] == "2022-02-13T11:57:36.696Z CLOSE host=::ffff:49.88.112.72 port=50896 fd=4 time=20.017 bytes=22" results["s00-raw"]["crowdsecurity/non-syslog"][88].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][88].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][88].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][88].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][89].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][89].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][89].Evt.Parsed["message"] == "2022-02-13T11:59:32.884Z ACCEPT host=::ffff:49.88.112.72 port=36242 fd=4 n=1/4096" +results["s00-raw"]["crowdsecurity/non-syslog"][89].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][89].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][89].Evt.Meta["datasource_type"] == "file" 
+results["s00-raw"]["crowdsecurity/non-syslog"][89].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][90].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][90].Evt.Parsed["message"] == "2022-02-13T11:59:52.902Z CLOSE host=::ffff:49.88.112.72 port=36242 fd=4 time=20.018 bytes=28" results["s00-raw"]["crowdsecurity/non-syslog"][90].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][90].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][90].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][90].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][91].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][91].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][91].Evt.Parsed["message"] == "2022-02-13T12:00:47.800Z ACCEPT host=::ffff:49.88.112.72 port=22220 fd=4 n=1/4096" +results["s00-raw"]["crowdsecurity/non-syslog"][91].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][91].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][91].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][91].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][92].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][92].Evt.Parsed["message"] == "2022-02-13T12:01:07.820Z CLOSE host=::ffff:49.88.112.72 port=22220 fd=4 time=20.020 bytes=9" results["s00-raw"]["crowdsecurity/non-syslog"][92].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][92].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][92].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][92].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][93].Success == true 
results["s00-raw"]["crowdsecurity/non-syslog"][93].Evt.Parsed["message"] == "2022-02-13T12:01:59.882Z ACCEPT host=::ffff:49.88.112.72 port=42827 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][93].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][93].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][93].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][93].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][94].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][94].Evt.Parsed["message"] == "2022-02-13T12:02:19.895Z CLOSE host=::ffff:49.88.112.72 port=42827 fd=4 time=20.014 bytes=6" results["s00-raw"]["crowdsecurity/non-syslog"][94].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][94].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][94].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][94].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][95].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][95].Evt.Parsed["message"] == "2022-02-13T12:03:21.948Z ACCEPT host=::ffff:49.88.112.72 port=28744 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][95].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][95].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][95].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][95].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][96].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][96].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][96].Evt.Parsed["message"] == "2022-02-13T12:03:41.968Z CLOSE host=::ffff:49.88.112.72 port=28744 fd=4 
time=20.020 bytes=4" -results["s00-raw"]["crowdsecurity/non-syslog"][96].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][96].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][96].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][96].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][96].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][97].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][97].Evt.Parsed["message"] == "2022-02-13T12:05:00.857Z ACCEPT host=::ffff:49.88.112.72 port=53672 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][97].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][97].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][97].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][97].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][98].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][98].Evt.Parsed["message"] == "2022-02-13T12:05:20.875Z CLOSE host=::ffff:49.88.112.72 port=53672 fd=4 time=20.018 bytes=25" results["s00-raw"]["crowdsecurity/non-syslog"][98].Evt.Parsed["program"] == "endlessh" -results["s00-raw"]["crowdsecurity/non-syslog"][98].Evt.Meta["datasource_type"] == "file" results["s00-raw"]["crowdsecurity/non-syslog"][98].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][98].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][98].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][99].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][99].Evt.Parsed["message"] == "2022-02-13T12:06:32.107Z ACCEPT host=::ffff:49.88.112.72 port=53082 fd=4 n=1/4096" 
results["s00-raw"]["crowdsecurity/non-syslog"][99].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][99].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][99].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][99].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][100].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][100].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][100].Evt.Parsed["message"] == "2022-02-13T12:06:52.126Z CLOSE host=::ffff:49.88.112.72 port=53082 fd=4 time=20.019 bytes=6" -results["s00-raw"]["crowdsecurity/non-syslog"][100].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][100].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][100].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][100].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][100].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][101].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][101].Evt.Parsed["message"] == "2022-02-13T12:12:43.171Z ACCEPT host=::ffff:49.88.112.72 port=33459 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][101].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][101].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][101].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][101].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][102].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][102].Evt.Parsed["message"] == "2022-02-13T12:13:03.180Z CLOSE host=::ffff:49.88.112.72 port=33459 fd=4 time=20.009 bytes=22" 
results["s00-raw"]["crowdsecurity/non-syslog"][102].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][102].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][102].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][102].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][103].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][103].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][103].Evt.Parsed["message"] == "2022-02-13T12:14:06.577Z ACCEPT host=::ffff:49.88.112.72 port=25804 fd=4 n=1/4096" -results["s00-raw"]["crowdsecurity/non-syslog"][103].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][103].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][103].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][103].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][103].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][104].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][104].Evt.Parsed["message"] == "2022-02-13T12:14:26.588Z CLOSE host=::ffff:49.88.112.72 port=25804 fd=4 time=20.011 bytes=10" results["s00-raw"]["crowdsecurity/non-syslog"][104].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][104].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][104].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][104].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][105].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][105].Evt.Parsed["message"] == "2022-02-13T12:15:11.423Z TOTALS connects=708 seconds=33873.219 bytes=47321" 
results["s00-raw"]["crowdsecurity/non-syslog"][105].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][105].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][105].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][105].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][106].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][106].Evt.Parsed["message"] == "2022-02-13T12:17:31.839Z ACCEPT host=2001:db8:85a3:8d3:1319:8a2e:370:7348 port=54185 fd=4 n=1/4096" results["s00-raw"]["crowdsecurity/non-syslog"][106].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][106].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][106].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][106].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][107].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][107].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][107].Evt.Parsed["message"] == "2022-02-13T12:17:59.307Z CLOSE host=2001:db8:85a3:8d3:1319:8a2e:370:7348 port=54185 fd=4 time=20.020 bytes=25" +results["s00-raw"]["crowdsecurity/non-syslog"][107].Evt.Parsed["program"] == "endlessh" results["s00-raw"]["crowdsecurity/non-syslog"][107].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][107].Evt.Meta["datasource_type"] == "file" -len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 108 +results["s00-raw"]["crowdsecurity/non-syslog"][107].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][108].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][108].Evt.Parsed["message"] == "I0613 10:22:21.684962 1 client.go:58] ACCEPT host=192.168.121.1 port=53598 n=2/4096" 
+results["s00-raw"]["crowdsecurity/non-syslog"][108].Evt.Parsed["program"] == "endlessh" +results["s00-raw"]["crowdsecurity/non-syslog"][108].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][108].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][108].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][109].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][109].Evt.Parsed["message"] == "I0613 10:22:22.751686 1 client.go:99] CLOSE host=192.168.121.1 port=42922 time=13.00339604 bytes=199" +results["s00-raw"]["crowdsecurity/non-syslog"][109].Evt.Parsed["program"] == "endlessh" +results["s00-raw"]["crowdsecurity/non-syslog"][109].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][109].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][109].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][110].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][110].Evt.Parsed["message"] == "I0613 10:22:26.154722 1 client.go:58] ACCEPT host=192.168.121.1 port=53608 n=2/4096" +results["s00-raw"]["crowdsecurity/non-syslog"][110].Evt.Parsed["program"] == "endlessh" +results["s00-raw"]["crowdsecurity/non-syslog"][110].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][110].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][110].Evt.Whitelisted == false +len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 111 results["s00-raw"]["crowdsecurity/syslog-logs"][0].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][1].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][2].Success == false 
@@ -649,77 +775,86 @@ results["s00-raw"]["crowdsecurity/syslog-logs"][104].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][105].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][106].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][107].Success == false -len(results["s01-parse"]["crowdsecurity/endlessh-logs"]) == 108 +results["s00-raw"]["crowdsecurity/syslog-logs"][108].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][109].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][110].Success == false +len(results["s01-parse"]["crowdsecurity/endlessh-logs"]) == 111 results["s01-parse"]["crowdsecurity/endlessh-logs"][0].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][1].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][2].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][3].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][4].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][5].Success == true -results["s01-parse"]["crowdsecurity/endlessh-logs"][5].Evt.Parsed["source_ip"] == "193.142.146.42" -results["s01-parse"]["crowdsecurity/endlessh-logs"][5].Evt.Parsed["timestamp"] == "2022-02-13T10:42:17.813Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][5].Evt.Parsed["message"] == "2022-02-13T10:42:17.813Z ACCEPT host=::ffff:193.142.146.42 port=39590 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][5].Evt.Parsed["program"] == "endlessh" +results["s01-parse"]["crowdsecurity/endlessh-logs"][5].Evt.Parsed["source_ip"] == "193.142.146.42" +results["s01-parse"]["crowdsecurity/endlessh-logs"][5].Evt.Parsed["timestamp"] == "2022-02-13T10:42:17.813Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][5].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][5].Evt.Meta["datasource_type"] == "file" 
results["s01-parse"]["crowdsecurity/endlessh-logs"][5].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][5].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][5].Evt.Meta["source_ip"] == "193.142.146.42" +results["s01-parse"]["crowdsecurity/endlessh-logs"][5].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][6].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][7].Success == true -results["s01-parse"]["crowdsecurity/endlessh-logs"][7].Evt.Parsed["timestamp"] == "2022-02-13T10:46:27.775Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][7].Evt.Parsed["message"] == "2022-02-13T10:46:27.775Z ACCEPT host=::ffff:49.88.112.72 port=61899 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][7].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][7].Evt.Parsed["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][7].Evt.Parsed["timestamp"] == "2022-02-13T10:46:27.775Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][7].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][7].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][7].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][7].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][7].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][7].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][8].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][9].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][9].Evt.Parsed["message"] == "2022-02-13T10:51:01.559Z ACCEPT host=::ffff:49.88.112.72 port=24936 fd=4 n=1/4096" 
results["s01-parse"]["crowdsecurity/endlessh-logs"][9].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][9].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][9].Evt.Parsed["timestamp"] == "2022-02-13T10:51:01.559Z" +results["s01-parse"]["crowdsecurity/endlessh-logs"][9].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s01-parse"]["crowdsecurity/endlessh-logs"][9].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][9].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][9].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][9].Evt.Meta["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][9].Evt.Meta["datasource_path"] == "endlessh-logs.log" -results["s01-parse"]["crowdsecurity/endlessh-logs"][9].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/endlessh-logs"][9].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][10].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][11].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][11].Evt.Parsed["message"] == "2022-02-13T10:53:05.206Z ACCEPT host=::ffff:49.88.112.72 port=44350 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][11].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][11].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][11].Evt.Parsed["timestamp"] == "2022-02-13T10:53:05.206Z" +results["s01-parse"]["crowdsecurity/endlessh-logs"][11].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][11].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][11].Evt.Meta["log_type"] == "endlessh_accept" 
results["s01-parse"]["crowdsecurity/endlessh-logs"][11].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][11].Evt.Meta["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][11].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s01-parse"]["crowdsecurity/endlessh-logs"][11].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][12].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][13].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][13].Evt.Parsed["message"] == "2022-02-13T10:55:56.131Z ACCEPT host=::ffff:49.88.112.72 port=49461 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][13].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][13].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][13].Evt.Parsed["timestamp"] == "2022-02-13T10:55:56.131Z" +results["s01-parse"]["crowdsecurity/endlessh-logs"][13].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s01-parse"]["crowdsecurity/endlessh-logs"][13].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][13].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][13].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][13].Evt.Meta["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][13].Evt.Meta["datasource_path"] == "endlessh-logs.log" -results["s01-parse"]["crowdsecurity/endlessh-logs"][13].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/endlessh-logs"][13].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][14].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][15].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][15].Evt.Parsed["message"] == 
"2022-02-13T10:57:18.739Z ACCEPT host=::ffff:49.88.112.72 port=46254 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][15].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][15].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][15].Evt.Parsed["timestamp"] == "2022-02-13T10:57:18.739Z" -results["s01-parse"]["crowdsecurity/endlessh-logs"][15].Evt.Meta["service"] == "endlessh" -results["s01-parse"]["crowdsecurity/endlessh-logs"][15].Evt.Meta["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][15].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][15].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][15].Evt.Meta["log_type"] == "endlessh_accept" +results["s01-parse"]["crowdsecurity/endlessh-logs"][15].Evt.Meta["service"] == "endlessh" +results["s01-parse"]["crowdsecurity/endlessh-logs"][15].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][15].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][16].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][17].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][17].Evt.Parsed["message"] == "2022-02-13T11:01:37.741Z ACCEPT host=::ffff:49.88.112.72 port=55150 fd=4 n=1/4096" 
@@ -731,16 +866,18 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][17].Evt.Meta["datasource_typ results["s01-parse"]["crowdsecurity/endlessh-logs"][17].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][17].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][17].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][17].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][18].Success == true -results["s01-parse"]["crowdsecurity/endlessh-logs"][18].Evt.Parsed["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][18].Evt.Parsed["timestamp"] == "2022-02-13T11:01:50.846Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][18].Evt.Parsed["message"] == "2022-02-13T11:01:50.846Z ACCEPT host=::ffff:49.88.112.72 port=43330 fd=5 n=2/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][18].Evt.Parsed["program"] == "endlessh" +results["s01-parse"]["crowdsecurity/endlessh-logs"][18].Evt.Parsed["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][18].Evt.Parsed["timestamp"] == "2022-02-13T11:01:50.846Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][18].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][18].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][18].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][18].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][18].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][18].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][19].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][20].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][21].Success == 
true @@ -753,6 +890,7 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][21].Evt.Meta["datasource_typ results["s01-parse"]["crowdsecurity/endlessh-logs"][21].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][21].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][21].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][21].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][22].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][23].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][23].Evt.Parsed["message"] == "2022-02-13T11:03:19.438Z ACCEPT host=::ffff:49.88.112.72 port=30884 fd=4 n=1/4096" 
@@ -764,17 +902,19 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][23].Evt.Meta["datasource_typ results["s01-parse"]["crowdsecurity/endlessh-logs"][23].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][23].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][23].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][23].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][24].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][25].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][25].Evt.Parsed["message"] == "2022-02-13T11:04:54.637Z ACCEPT host=::ffff:49.88.112.72 port=43360 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][25].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][25].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][25].Evt.Parsed["timestamp"] == "2022-02-13T11:04:54.637Z" -results["s01-parse"]["crowdsecurity/endlessh-logs"][25].Evt.Meta["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][25].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][25].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][25].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][25].Evt.Meta["service"] == "endlessh" +results["s01-parse"]["crowdsecurity/endlessh-logs"][25].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][25].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][26].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][27].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][27].Evt.Parsed["message"] == "2022-02-13T11:06:25.446Z 
ACCEPT host=::ffff:49.88.112.72 port=42068 fd=4 n=1/4096" @@ -786,6 +926,7 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][27].Evt.Meta["datasource_typ results["s01-parse"]["crowdsecurity/endlessh-logs"][27].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][27].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][27].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][27].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][28].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][29].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][29].Evt.Parsed["message"] == "2022-02-13T11:08:37.791Z ACCEPT host=::ffff:49.88.112.72 port=54567 fd=4 n=1/4096" 
@@ -797,17 +938,19 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][29].Evt.Meta["datasource_typ results["s01-parse"]["crowdsecurity/endlessh-logs"][29].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][29].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][29].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][29].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][30].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][31].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][31].Evt.Parsed["message"] == "2022-02-13T11:09:44.393Z ACCEPT host=::ffff:49.88.112.72 port=34132 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][31].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][31].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][31].Evt.Parsed["timestamp"] == "2022-02-13T11:09:44.393Z" +results["s01-parse"]["crowdsecurity/endlessh-logs"][31].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][31].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][31].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][31].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][31].Evt.Meta["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][31].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s01-parse"]["crowdsecurity/endlessh-logs"][31].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][32].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][33].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][33].Evt.Parsed["message"] == 
"2022-02-13T11:11:02.770Z ACCEPT host=::ffff:49.88.112.72 port=60016 fd=4 n=1/4096" 
@@ -819,39 +962,43 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][33].Evt.Meta["datasource_typ results["s01-parse"]["crowdsecurity/endlessh-logs"][33].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][33].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][33].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][33].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][34].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][35].Success == true -results["s01-parse"]["crowdsecurity/endlessh-logs"][35].Evt.Parsed["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][35].Evt.Parsed["timestamp"] == "2022-02-13T11:14:19.500Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][35].Evt.Parsed["message"] == "2022-02-13T11:14:19.500Z ACCEPT host=::ffff:49.88.112.72 port=53678 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][35].Evt.Parsed["program"] == "endlessh" +results["s01-parse"]["crowdsecurity/endlessh-logs"][35].Evt.Parsed["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][35].Evt.Parsed["timestamp"] == "2022-02-13T11:14:19.500Z" +results["s01-parse"]["crowdsecurity/endlessh-logs"][35].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][35].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][35].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][35].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][35].Evt.Meta["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][35].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s01-parse"]["crowdsecurity/endlessh-logs"][35].Evt.Whitelisted == false 
results["s01-parse"]["crowdsecurity/endlessh-logs"][36].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][37].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][37].Evt.Parsed["message"] == "2022-02-13T11:17:17.528Z ACCEPT host=::ffff:49.88.112.72 port=31454 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][37].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][37].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][37].Evt.Parsed["timestamp"] == "2022-02-13T11:17:17.528Z" -results["s01-parse"]["crowdsecurity/endlessh-logs"][37].Evt.Meta["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][37].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][37].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][37].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][37].Evt.Meta["service"] == "endlessh" +results["s01-parse"]["crowdsecurity/endlessh-logs"][37].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][37].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][38].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][39].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][39].Evt.Parsed["message"] == "2022-02-13T11:18:44.156Z ACCEPT host=::ffff:49.88.112.72 port=16564 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][39].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][39].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][39].Evt.Parsed["timestamp"] == "2022-02-13T11:18:44.156Z" +results["s01-parse"]["crowdsecurity/endlessh-logs"][39].Evt.Meta["datasource_path"] == "endlessh-logs.log" 
+results["s01-parse"]["crowdsecurity/endlessh-logs"][39].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][39].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][39].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][39].Evt.Meta["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][39].Evt.Meta["datasource_path"] == "endlessh-logs.log" -results["s01-parse"]["crowdsecurity/endlessh-logs"][39].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/endlessh-logs"][39].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][40].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][41].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][41].Evt.Parsed["message"] == "2022-02-13T11:21:17.441Z ACCEPT host=::ffff:165.232.112.160 port=57056 fd=4 n=1/4096" 
@@ -863,28 +1010,31 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][41].Evt.Meta["datasource_typ results["s01-parse"]["crowdsecurity/endlessh-logs"][41].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][41].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][41].Evt.Meta["source_ip"] == "165.232.112.160" +results["s01-parse"]["crowdsecurity/endlessh-logs"][41].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][42].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][43].Success == true -results["s01-parse"]["crowdsecurity/endlessh-logs"][43].Evt.Parsed["timestamp"] == "2022-02-13T11:22:29.229Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][43].Evt.Parsed["message"] == "2022-02-13T11:22:29.229Z ACCEPT host=::ffff:49.88.112.72 port=40785 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][43].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][43].Evt.Parsed["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][43].Evt.Parsed["timestamp"] == "2022-02-13T11:22:29.229Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][43].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][43].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][43].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][43].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][43].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][43].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][44].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][45].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][45].Evt.Parsed["message"] == 
"2022-02-13T11:23:25.867Z ACCEPT host=::ffff:49.88.112.72 port=17785 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][45].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][45].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][45].Evt.Parsed["timestamp"] == "2022-02-13T11:23:25.867Z" +results["s01-parse"]["crowdsecurity/endlessh-logs"][45].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][45].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][45].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][45].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][45].Evt.Meta["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][45].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s01-parse"]["crowdsecurity/endlessh-logs"][45].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][46].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][47].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][47].Evt.Parsed["message"] == "2022-02-13T11:24:55.313Z ACCEPT host=::ffff:49.88.112.72 port=45482 fd=4 n=1/4096" 
@@ -896,17 +1046,19 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][47].Evt.Meta["datasource_typ results["s01-parse"]["crowdsecurity/endlessh-logs"][47].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][47].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][47].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][47].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][48].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][49].Success == true -results["s01-parse"]["crowdsecurity/endlessh-logs"][49].Evt.Parsed["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][49].Evt.Parsed["timestamp"] == "2022-02-13T11:26:32.620Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][49].Evt.Parsed["message"] == "2022-02-13T11:26:32.620Z ACCEPT host=::ffff:49.88.112.72 port=25911 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][49].Evt.Parsed["program"] == "endlessh" +results["s01-parse"]["crowdsecurity/endlessh-logs"][49].Evt.Parsed["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][49].Evt.Parsed["timestamp"] == "2022-02-13T11:26:32.620Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][49].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][49].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][49].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][49].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][49].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][49].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][50].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][51].Success == 
true results["s01-parse"]["crowdsecurity/endlessh-logs"][51].Evt.Parsed["message"] == "2022-02-13T11:31:02.471Z ACCEPT host=::ffff:49.88.112.72 port=54164 fd=4 n=1/4096" @@ -918,6 +1070,7 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][51].Evt.Meta["datasource_typ results["s01-parse"]["crowdsecurity/endlessh-logs"][51].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][51].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][51].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][51].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][52].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][53].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][53].Evt.Parsed["message"] == "2022-02-13T11:33:08.053Z ACCEPT host=::ffff:49.88.112.72 port=56498 fd=4 n=1/4096" @@ -929,6 +1082,7 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][53].Evt.Meta["datasource_typ results["s01-parse"]["crowdsecurity/endlessh-logs"][53].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][53].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][53].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][53].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][54].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][55].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][55].Evt.Parsed["message"] == "2022-02-13T11:34:11.826Z ACCEPT host=::ffff:49.88.112.72 port=46301 fd=4 n=1/4096" 
@@ -940,6 +1094,7 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][55].Evt.Meta["datasource_typ results["s01-parse"]["crowdsecurity/endlessh-logs"][55].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][55].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][55].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][55].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][56].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][57].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][57].Evt.Parsed["message"] == "2022-02-13T11:35:59.307Z ACCEPT host=::ffff:49.88.112.72 port=39949 fd=4 n=1/4096" 
@@ -951,61 +1106,67 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][57].Evt.Meta["datasource_typ results["s01-parse"]["crowdsecurity/endlessh-logs"][57].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][57].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][57].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][57].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][58].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][59].Success == true +results["s01-parse"]["crowdsecurity/endlessh-logs"][59].Evt.Parsed["message"] == "2022-02-13T11:37:11.459Z ACCEPT host=::ffff:49.88.112.72 port=19005 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][59].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][59].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][59].Evt.Parsed["timestamp"] == "2022-02-13T11:37:11.459Z" -results["s01-parse"]["crowdsecurity/endlessh-logs"][59].Evt.Parsed["message"] == "2022-02-13T11:37:11.459Z ACCEPT host=::ffff:49.88.112.72 port=19005 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][59].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][59].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][59].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][59].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][59].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][59].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][60].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][61].Success == true 
+results["s01-parse"]["crowdsecurity/endlessh-logs"][61].Evt.Parsed["message"] == "2022-02-13T11:39:14.349Z ACCEPT host=::ffff:49.88.112.72 port=52296 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][61].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][61].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][61].Evt.Parsed["timestamp"] == "2022-02-13T11:39:14.349Z" -results["s01-parse"]["crowdsecurity/endlessh-logs"][61].Evt.Parsed["message"] == "2022-02-13T11:39:14.349Z ACCEPT host=::ffff:49.88.112.72 port=52296 fd=4 n=1/4096" -results["s01-parse"]["crowdsecurity/endlessh-logs"][61].Evt.Meta["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][61].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][61].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][61].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][61].Evt.Meta["service"] == "endlessh" +results["s01-parse"]["crowdsecurity/endlessh-logs"][61].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][61].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][62].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][63].Success == true -results["s01-parse"]["crowdsecurity/endlessh-logs"][63].Evt.Parsed["timestamp"] == "2022-02-13T11:40:27.877Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][63].Evt.Parsed["message"] == "2022-02-13T11:40:27.877Z ACCEPT host=::ffff:49.88.112.72 port=42606 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][63].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][63].Evt.Parsed["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][63].Evt.Parsed["timestamp"] == 
"2022-02-13T11:40:27.877Z" +results["s01-parse"]["crowdsecurity/endlessh-logs"][63].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][63].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][63].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][63].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][63].Evt.Meta["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][63].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s01-parse"]["crowdsecurity/endlessh-logs"][63].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][64].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][65].Success == true +results["s01-parse"]["crowdsecurity/endlessh-logs"][65].Evt.Parsed["message"] == "2022-02-13T11:41:51.108Z ACCEPT host=::ffff:49.88.112.72 port=61157 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][65].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][65].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][65].Evt.Parsed["timestamp"] == "2022-02-13T11:41:51.108Z" -results["s01-parse"]["crowdsecurity/endlessh-logs"][65].Evt.Parsed["message"] == "2022-02-13T11:41:51.108Z ACCEPT host=::ffff:49.88.112.72 port=61157 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][65].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][65].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][65].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][65].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][65].Evt.Meta["source_ip"] == "49.88.112.72" 
+results["s01-parse"]["crowdsecurity/endlessh-logs"][65].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][66].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][67].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][67].Evt.Parsed["message"] == "2022-02-13T11:44:54.352Z ACCEPT host=::ffff:49.88.112.72 port=34267 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][67].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][67].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][67].Evt.Parsed["timestamp"] == "2022-02-13T11:44:54.352Z" +results["s01-parse"]["crowdsecurity/endlessh-logs"][67].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][67].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][67].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][67].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][67].Evt.Meta["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][67].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s01-parse"]["crowdsecurity/endlessh-logs"][67].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][68].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][68].Evt.Parsed["message"] == "2022-02-13T11:44:56.120Z ACCEPT host=::ffff:141.98.11.27 port=59032 fd=5 n=2/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][68].Evt.Parsed["program"] == "endlessh" 
@@ -1016,6 +1177,7 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][68].Evt.Meta["datasource_typ results["s01-parse"]["crowdsecurity/endlessh-logs"][68].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][68].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][68].Evt.Meta["source_ip"] == "141.98.11.27" +results["s01-parse"]["crowdsecurity/endlessh-logs"][68].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][69].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][70].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][71].Success == true @@ -1028,6 +1190,7 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][71].Evt.Meta["datasource_typ results["s01-parse"]["crowdsecurity/endlessh-logs"][71].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][71].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][71].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][71].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][72].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][73].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][73].Evt.Parsed["message"] == "2022-02-13T11:47:58.463Z ACCEPT host=::ffff:49.88.112.72 port=54927 fd=4 n=1/4096" 
@@ -1039,38 +1202,42 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][73].Evt.Meta["datasource_typ results["s01-parse"]["crowdsecurity/endlessh-logs"][73].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][73].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][73].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][73].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][74].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][75].Success == true +results["s01-parse"]["crowdsecurity/endlessh-logs"][75].Evt.Parsed["message"] == "2022-02-13T11:49:31.344Z ACCEPT host=::ffff:49.88.112.72 port=12208 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][75].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][75].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][75].Evt.Parsed["timestamp"] == "2022-02-13T11:49:31.344Z" -results["s01-parse"]["crowdsecurity/endlessh-logs"][75].Evt.Parsed["message"] == "2022-02-13T11:49:31.344Z ACCEPT host=::ffff:49.88.112.72 port=12208 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][75].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][75].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][75].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][75].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][75].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][75].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][76].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][77].Success == true 
-results["s01-parse"]["crowdsecurity/endlessh-logs"][77].Evt.Parsed["timestamp"] == "2022-02-13T11:51:35.252Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][77].Evt.Parsed["message"] == "2022-02-13T11:51:35.252Z ACCEPT host=::ffff:212.192.246.173 port=35630 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][77].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][77].Evt.Parsed["source_ip"] == "212.192.246.173" -results["s01-parse"]["crowdsecurity/endlessh-logs"][77].Evt.Meta["service"] == "endlessh" -results["s01-parse"]["crowdsecurity/endlessh-logs"][77].Evt.Meta["source_ip"] == "212.192.246.173" +results["s01-parse"]["crowdsecurity/endlessh-logs"][77].Evt.Parsed["timestamp"] == "2022-02-13T11:51:35.252Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][77].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][77].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][77].Evt.Meta["log_type"] == "endlessh_accept" +results["s01-parse"]["crowdsecurity/endlessh-logs"][77].Evt.Meta["service"] == "endlessh" +results["s01-parse"]["crowdsecurity/endlessh-logs"][77].Evt.Meta["source_ip"] == "212.192.246.173" +results["s01-parse"]["crowdsecurity/endlessh-logs"][77].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][78].Success == true -results["s01-parse"]["crowdsecurity/endlessh-logs"][78].Evt.Parsed["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][78].Evt.Parsed["timestamp"] == "2022-02-13T11:51:35.359Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][78].Evt.Parsed["message"] == "2022-02-13T11:51:35.359Z ACCEPT host=::ffff:49.88.112.72 port=62525 fd=5 n=2/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][78].Evt.Parsed["program"] == "endlessh" -results["s01-parse"]["crowdsecurity/endlessh-logs"][78].Evt.Meta["service"] == "endlessh" 
-results["s01-parse"]["crowdsecurity/endlessh-logs"][78].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][78].Evt.Parsed["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][78].Evt.Parsed["timestamp"] == "2022-02-13T11:51:35.359Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][78].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][78].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][78].Evt.Meta["log_type"] == "endlessh_accept" +results["s01-parse"]["crowdsecurity/endlessh-logs"][78].Evt.Meta["service"] == "endlessh" +results["s01-parse"]["crowdsecurity/endlessh-logs"][78].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][78].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][79].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][80].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][81].Success == true 
@@ -1083,28 +1250,31 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][81].Evt.Meta["datasource_typ results["s01-parse"]["crowdsecurity/endlessh-logs"][81].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][81].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][81].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][81].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][82].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][83].Success == true -results["s01-parse"]["crowdsecurity/endlessh-logs"][83].Evt.Parsed["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][83].Evt.Parsed["timestamp"] == "2022-02-13T11:54:17.557Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][83].Evt.Parsed["message"] == "2022-02-13T11:54:17.557Z ACCEPT host=::ffff:49.88.112.72 port=19439 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][83].Evt.Parsed["program"] == "endlessh" -results["s01-parse"]["crowdsecurity/endlessh-logs"][83].Evt.Meta["service"] == "endlessh" -results["s01-parse"]["crowdsecurity/endlessh-logs"][83].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][83].Evt.Parsed["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][83].Evt.Parsed["timestamp"] == "2022-02-13T11:54:17.557Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][83].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][83].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][83].Evt.Meta["log_type"] == "endlessh_accept" +results["s01-parse"]["crowdsecurity/endlessh-logs"][83].Evt.Meta["service"] == "endlessh" +results["s01-parse"]["crowdsecurity/endlessh-logs"][83].Evt.Meta["source_ip"] == "49.88.112.72" 
+results["s01-parse"]["crowdsecurity/endlessh-logs"][83].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][84].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][85].Success == true -results["s01-parse"]["crowdsecurity/endlessh-logs"][85].Evt.Parsed["timestamp"] == "2022-02-13T11:56:13.717Z" results["s01-parse"]["crowdsecurity/endlessh-logs"][85].Evt.Parsed["message"] == "2022-02-13T11:56:13.717Z ACCEPT host=::ffff:49.88.112.72 port=10422 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][85].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][85].Evt.Parsed["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][85].Evt.Parsed["timestamp"] == "2022-02-13T11:56:13.717Z" +results["s01-parse"]["crowdsecurity/endlessh-logs"][85].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s01-parse"]["crowdsecurity/endlessh-logs"][85].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][85].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][85].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][85].Evt.Meta["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][85].Evt.Meta["datasource_path"] == "endlessh-logs.log" -results["s01-parse"]["crowdsecurity/endlessh-logs"][85].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/endlessh-logs"][85].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][86].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][87].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][87].Evt.Parsed["message"] == "2022-02-13T11:57:16.679Z ACCEPT host=::ffff:49.88.112.72 port=50896 fd=4 n=1/4096" 
@@ -1116,39 +1286,43 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][87].Evt.Meta["datasource_typ results["s01-parse"]["crowdsecurity/endlessh-logs"][87].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][87].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][87].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][87].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][88].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][89].Success == true +results["s01-parse"]["crowdsecurity/endlessh-logs"][89].Evt.Parsed["message"] == "2022-02-13T11:59:32.884Z ACCEPT host=::ffff:49.88.112.72 port=36242 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][89].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][89].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][89].Evt.Parsed["timestamp"] == "2022-02-13T11:59:32.884Z" -results["s01-parse"]["crowdsecurity/endlessh-logs"][89].Evt.Parsed["message"] == "2022-02-13T11:59:32.884Z ACCEPT host=::ffff:49.88.112.72 port=36242 fd=4 n=1/4096" +results["s01-parse"]["crowdsecurity/endlessh-logs"][89].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][89].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][89].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][89].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][89].Evt.Meta["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][89].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s01-parse"]["crowdsecurity/endlessh-logs"][89].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][90].Success == false 
results["s01-parse"]["crowdsecurity/endlessh-logs"][91].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][91].Evt.Parsed["message"] == "2022-02-13T12:00:47.800Z ACCEPT host=::ffff:49.88.112.72 port=22220 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][91].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][91].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][91].Evt.Parsed["timestamp"] == "2022-02-13T12:00:47.800Z" +results["s01-parse"]["crowdsecurity/endlessh-logs"][91].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][91].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][91].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][91].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][91].Evt.Meta["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][91].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s01-parse"]["crowdsecurity/endlessh-logs"][91].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][92].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][93].Success == true +results["s01-parse"]["crowdsecurity/endlessh-logs"][93].Evt.Parsed["message"] == "2022-02-13T12:01:59.882Z ACCEPT host=::ffff:49.88.112.72 port=42827 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][93].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][93].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][93].Evt.Parsed["timestamp"] == "2022-02-13T12:01:59.882Z" -results["s01-parse"]["crowdsecurity/endlessh-logs"][93].Evt.Parsed["message"] == "2022-02-13T12:01:59.882Z ACCEPT host=::ffff:49.88.112.72 port=42827 fd=4 n=1/4096" 
-results["s01-parse"]["crowdsecurity/endlessh-logs"][93].Evt.Meta["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][93].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][93].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][93].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][93].Evt.Meta["service"] == "endlessh" +results["s01-parse"]["crowdsecurity/endlessh-logs"][93].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][93].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][94].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][95].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][95].Evt.Parsed["message"] == "2022-02-13T12:03:21.948Z ACCEPT host=::ffff:49.88.112.72 port=28744 fd=4 n=1/4096" 
@@ -1160,50 +1334,55 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][95].Evt.Meta["datasource_typ results["s01-parse"]["crowdsecurity/endlessh-logs"][95].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][95].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][95].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][95].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][96].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][97].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][97].Evt.Parsed["message"] == "2022-02-13T12:05:00.857Z ACCEPT host=::ffff:49.88.112.72 port=53672 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][97].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][97].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][97].Evt.Parsed["timestamp"] == "2022-02-13T12:05:00.857Z" -results["s01-parse"]["crowdsecurity/endlessh-logs"][97].Evt.Meta["service"] == "endlessh" -results["s01-parse"]["crowdsecurity/endlessh-logs"][97].Evt.Meta["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][97].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][97].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][97].Evt.Meta["log_type"] == "endlessh_accept" +results["s01-parse"]["crowdsecurity/endlessh-logs"][97].Evt.Meta["service"] == "endlessh" +results["s01-parse"]["crowdsecurity/endlessh-logs"][97].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][97].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][98].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][99].Success == true 
results["s01-parse"]["crowdsecurity/endlessh-logs"][99].Evt.Parsed["message"] == "2022-02-13T12:06:32.107Z ACCEPT host=::ffff:49.88.112.72 port=53082 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][99].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][99].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][99].Evt.Parsed["timestamp"] == "2022-02-13T12:06:32.107Z" +results["s01-parse"]["crowdsecurity/endlessh-logs"][99].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s01-parse"]["crowdsecurity/endlessh-logs"][99].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][99].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][99].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][99].Evt.Meta["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][99].Evt.Meta["datasource_path"] == "endlessh-logs.log" -results["s01-parse"]["crowdsecurity/endlessh-logs"][99].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/endlessh-logs"][99].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][100].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][101].Success == true results["s01-parse"]["crowdsecurity/endlessh-logs"][101].Evt.Parsed["message"] == "2022-02-13T12:12:43.171Z ACCEPT host=::ffff:49.88.112.72 port=33459 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][101].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][101].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][101].Evt.Parsed["timestamp"] == "2022-02-13T12:12:43.171Z" +results["s01-parse"]["crowdsecurity/endlessh-logs"][101].Evt.Meta["datasource_path"] == "endlessh-logs.log" 
results["s01-parse"]["crowdsecurity/endlessh-logs"][101].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][101].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][101].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][101].Evt.Meta["source_ip"] == "49.88.112.72" -results["s01-parse"]["crowdsecurity/endlessh-logs"][101].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s01-parse"]["crowdsecurity/endlessh-logs"][101].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][102].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][103].Success == true +results["s01-parse"]["crowdsecurity/endlessh-logs"][103].Evt.Parsed["message"] == "2022-02-13T12:14:06.577Z ACCEPT host=::ffff:49.88.112.72 port=25804 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][103].Evt.Parsed["program"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][103].Evt.Parsed["source_ip"] == "49.88.112.72" results["s01-parse"]["crowdsecurity/endlessh-logs"][103].Evt.Parsed["timestamp"] == "2022-02-13T12:14:06.577Z" -results["s01-parse"]["crowdsecurity/endlessh-logs"][103].Evt.Parsed["message"] == "2022-02-13T12:14:06.577Z ACCEPT host=::ffff:49.88.112.72 port=25804 fd=4 n=1/4096" results["s01-parse"]["crowdsecurity/endlessh-logs"][103].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s01-parse"]["crowdsecurity/endlessh-logs"][103].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["crowdsecurity/endlessh-logs"][103].Evt.Meta["log_type"] == "endlessh_accept" results["s01-parse"]["crowdsecurity/endlessh-logs"][103].Evt.Meta["service"] == "endlessh" results["s01-parse"]["crowdsecurity/endlessh-logs"][103].Evt.Meta["source_ip"] == "49.88.112.72" +results["s01-parse"]["crowdsecurity/endlessh-logs"][103].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/endlessh-logs"][104].Success == 
false results["s01-parse"]["crowdsecurity/endlessh-logs"][105].Success == false results["s01-parse"]["crowdsecurity/endlessh-logs"][106].Success == true 
@@ -1216,8 +1395,32 @@ results["s01-parse"]["crowdsecurity/endlessh-logs"][106].Evt.Meta["datasource_ty
 results["s01-parse"]["crowdsecurity/endlessh-logs"][106].Evt.Meta["log_type"] == "endlessh_accept"
 results["s01-parse"]["crowdsecurity/endlessh-logs"][106].Evt.Meta["service"] == "endlessh"
 results["s01-parse"]["crowdsecurity/endlessh-logs"][106].Evt.Meta["source_ip"] == "2001:db8:85a3:8d3:1319:8a2e:370:7348"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][106].Evt.Whitelisted == false
 results["s01-parse"]["crowdsecurity/endlessh-logs"][107].Success == false
-len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 51
+results["s01-parse"]["crowdsecurity/endlessh-logs"][108].Success == true
+results["s01-parse"]["crowdsecurity/endlessh-logs"][108].Evt.Parsed["message"] == "I0613 10:22:21.684962 1 client.go:58] ACCEPT host=192.168.121.1 port=53598 n=2/4096"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][108].Evt.Parsed["program"] == "endlessh"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][108].Evt.Parsed["source_ip"] == "192.168.121.1"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][108].Evt.Parsed["timestamp"] == "0613 10:22:21.684962"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][108].Evt.Meta["datasource_path"] == "endlessh-logs.log"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][108].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][108].Evt.Meta["log_type"] == "endlessh_accept"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][108].Evt.Meta["service"] == "endlessh"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][108].Evt.Meta["source_ip"] == "192.168.121.1"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][108].Evt.Whitelisted == false
+results["s01-parse"]["crowdsecurity/endlessh-logs"][109].Success == false
+results["s01-parse"]["crowdsecurity/endlessh-logs"][110].Success == true
+results["s01-parse"]["crowdsecurity/endlessh-logs"][110].Evt.Parsed["message"] == "I0613 10:22:26.154722 1 client.go:58] ACCEPT host=192.168.121.1 port=53608 n=2/4096"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][110].Evt.Parsed["program"] == "endlessh"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][110].Evt.Parsed["source_ip"] == "192.168.121.1"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][110].Evt.Parsed["timestamp"] == "0613 10:22:26.154722"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][110].Evt.Meta["datasource_path"] == "endlessh-logs.log"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][110].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][110].Evt.Meta["log_type"] == "endlessh_accept"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][110].Evt.Meta["service"] == "endlessh"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][110].Evt.Meta["source_ip"] == "192.168.121.1"
+results["s01-parse"]["crowdsecurity/endlessh-logs"][110].Evt.Whitelisted == false
+len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 53
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["message"] == "2022-02-13T10:42:17.813Z ACCEPT host=::ffff:193.142.146.42 port=39590 fd=4 n=1/4096"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["program"] == "endlessh"
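Review bot: The assertions added for the new klog-prefixed format (indexes 108 and 110) only cover an IPv4 source, `192.168.121.1`, so nothing here shows that the IPv6 or `::ffff:`-mapped address forms still populate `Evt.Meta["source_ip"]` under the new prefix. Since `source_ip` is the field later stages act on, a parse miss would silently drop those events; adding a constructed fixture line such as `I0613 10:22:30.000000 1 client.go:58] ACCEPT host=2001:db8::1 port=53610 n=2/4096` to `endlessh-logs.log` and regenerating this file would pin that case. Separately, the captured `Evt.Parsed["timestamp"]` is `0613 10:22:21.684962`, which carries no year or zone. The `dateparse-enrich` assertions for the two new entries (the count rises from 51 to 53) are outside this hunk, so please confirm they pin `Evt.Meta["timestamp"]` and `Evt.Enriched["MarshaledTime"]` to the intended instant rather than a fallback value.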
@@ -1230,30 +1433,33 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] = results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "193.142.146.42" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2022-02-13T10:42:17.813Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2022-02-13T10:42:17.813Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["message"] == "2022-02-13T10:46:27.775Z ACCEPT host=::ffff:49.88.112.72 port=61899 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["timestamp"] == "2022-02-13T10:46:27.775Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["service"] == "endlessh" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2022-02-13T10:46:27.775Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["log_type"] == "endlessh_accept" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["service"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2022-02-13T10:46:27.775Z" 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2022-02-13T10:46:27.775Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["timestamp"] == "2022-02-13T10:51:01.559Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["message"] == "2022-02-13T10:51:01.559Z ACCEPT host=::ffff:49.88.112.72 port=24936 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["timestamp"] == "2022-02-13T10:51:01.559Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["service"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"] == "2022-02-13T10:51:01.559Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_path"] == "endlessh-logs.log" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"] == "2022-02-13T10:51:01.559Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Success == true 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["message"] == "2022-02-13T10:53:05.206Z ACCEPT host=::ffff:49.88.112.72 port=44350 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["program"] == "endlessh" 
@@ -1266,18 +1472,20 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["service"] = results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["timestamp"] == "2022-02-13T10:53:05.206Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Enriched["MarshaledTime"] == "2022-02-13T10:53:05.206Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["timestamp"] == "2022-02-13T10:55:56.131Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["message"] == "2022-02-13T10:55:56.131Z ACCEPT host=::ffff:49.88.112.72 port=49461 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["program"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["timestamp"] == "2022-02-13T10:55:56.131Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["service"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"] == "2022-02-13T10:55:56.131Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_path"] == 
"endlessh-logs.log" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Enriched["MarshaledTime"] == "2022-02-13T10:55:56.131Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["message"] == "2022-02-13T10:57:18.739Z ACCEPT host=::ffff:49.88.112.72 port=46254 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["program"] == "endlessh" 
@@ -1290,42 +1498,46 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["service"] = results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["timestamp"] == "2022-02-13T10:57:18.739Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Enriched["MarshaledTime"] == "2022-02-13T10:57:18.739Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["message"] == "2022-02-13T11:01:37.741Z ACCEPT host=::ffff:49.88.112.72 port=55150 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["timestamp"] == "2022-02-13T11:01:37.741Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["message"] == "2022-02-13T11:01:37.741Z ACCEPT host=::ffff:49.88.112.72 port=55150 fd=4 n=1/4096" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["service"] == "endlessh" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["timestamp"] == "2022-02-13T11:01:37.741Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["log_type"] == "endlessh_accept" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["service"] == "endlessh" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["timestamp"] == "2022-02-13T11:01:37.741Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:01:37.741Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["message"] == "2022-02-13T11:01:50.846Z ACCEPT host=::ffff:49.88.112.72 port=43330 fd=5 n=2/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["timestamp"] == "2022-02-13T11:01:50.846Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["message"] == "2022-02-13T11:01:50.846Z ACCEPT host=::ffff:49.88.112.72 port=43330 fd=5 n=2/4096" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["service"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["timestamp"] == "2022-02-13T11:01:50.846Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:01:50.846Z" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["message"] == "2022-02-13T11:02:12.588Z ACCEPT host=::ffff:49.88.112.72 port=19851 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["timestamp"] == "2022-02-13T11:02:12.588Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["service"] == "endlessh" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["timestamp"] == "2022-02-13T11:02:12.588Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["log_type"] == "endlessh_accept" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["service"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["timestamp"] == "2022-02-13T11:02:12.588Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:02:12.588Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["message"] == "2022-02-13T11:03:19.438Z ACCEPT host=::ffff:49.88.112.72 port=30884 fd=4 
n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["program"] == "endlessh" @@ -1338,11 +1550,12 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["service"] = results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["timestamp"] == "2022-02-13T11:03:19.438Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:03:19.438Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["timestamp"] == "2022-02-13T11:04:54.637Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["message"] == "2022-02-13T11:04:54.637Z ACCEPT host=::ffff:49.88.112.72 port=43360 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["program"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["timestamp"] == "2022-02-13T11:04:54.637Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["log_type"] == "endlessh_accept" 
@@ -1350,83 +1563,90 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["service"] results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["timestamp"] == "2022-02-13T11:04:54.637Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:04:54.637Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["message"] == "2022-02-13T11:06:25.446Z ACCEPT host=::ffff:49.88.112.72 port=42068 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["timestamp"] == "2022-02-13T11:06:25.446Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["service"] == "endlessh" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["timestamp"] == "2022-02-13T11:06:25.446Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["log_type"] == "endlessh_accept" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["service"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["timestamp"] == 
"2022-02-13T11:06:25.446Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:06:25.446Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["message"] == "2022-02-13T11:08:37.791Z ACCEPT host=::ffff:49.88.112.72 port=54567 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["timestamp"] == "2022-02-13T11:08:37.791Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["timestamp"] == "2022-02-13T11:08:37.791Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["service"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["timestamp"] == "2022-02-13T11:08:37.791Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:08:37.791Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["message"] == "2022-02-13T11:09:44.393Z ACCEPT host=::ffff:49.88.112.72 port=34132 fd=4 n=1/4096" 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["timestamp"] == "2022-02-13T11:09:44.393Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["timestamp"] == "2022-02-13T11:09:44.393Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["service"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["timestamp"] == "2022-02-13T11:09:44.393Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:09:44.393Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["message"] == "2022-02-13T11:11:02.770Z ACCEPT host=::ffff:49.88.112.72 port=60016 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["timestamp"] == "2022-02-13T11:11:02.770Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["service"] == 
"endlessh" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["timestamp"] == "2022-02-13T11:11:02.77Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["log_type"] == "endlessh_accept" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["service"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["timestamp"] == "2022-02-13T11:11:02.77Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:11:02.77Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["timestamp"] == "2022-02-13T11:14:19.500Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["message"] == "2022-02-13T11:14:19.500Z ACCEPT host=::ffff:49.88.112.72 port=53678 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["service"] == "endlessh" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["timestamp"] == "2022-02-13T11:14:19.5Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["timestamp"] 
== "2022-02-13T11:14:19.500Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["log_type"] == "endlessh_accept" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["service"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["timestamp"] == "2022-02-13T11:14:19.5Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:14:19.5Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["message"] == "2022-02-13T11:17:17.528Z ACCEPT host=::ffff:49.88.112.72 port=31454 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["timestamp"] == "2022-02-13T11:17:17.528Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["timestamp"] == "2022-02-13T11:17:17.528Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["log_type"] == "endlessh_accept" 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["service"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["timestamp"] == "2022-02-13T11:17:17.528Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:17:17.528Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["message"] == "2022-02-13T11:18:44.156Z ACCEPT host=::ffff:49.88.112.72 port=16564 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["timestamp"] == "2022-02-13T11:18:44.156Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["message"] == "2022-02-13T11:18:44.156Z ACCEPT host=::ffff:49.88.112.72 port=16564 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Meta["log_type"] == "endlessh_accept" 
@@ -1434,18 +1654,20 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Meta["service"] results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Meta["timestamp"] == "2022-02-13T11:18:44.156Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:18:44.156Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["message"] == "2022-02-13T11:21:17.441Z ACCEPT host=::ffff:165.232.112.160 port=57056 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["source_ip"] == "165.232.112.160" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["timestamp"] == "2022-02-13T11:21:17.441Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Meta["timestamp"] == "2022-02-13T11:21:17.441Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Meta["service"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Meta["source_ip"] == "165.232.112.160" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Meta["timestamp"] == "2022-02-13T11:21:17.441Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:21:17.441Z" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["message"] == "2022-02-13T11:22:29.229Z ACCEPT host=::ffff:49.88.112.72 port=40785 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["program"] == "endlessh" 
@@ -1458,23 +1680,25 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Meta["service"] results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Meta["timestamp"] == "2022-02-13T11:22:29.229Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:22:29.229Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["message"] == "2022-02-13T11:23:25.867Z ACCEPT host=::ffff:49.88.112.72 port=17785 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["timestamp"] == "2022-02-13T11:23:25.867Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Meta["service"] == "endlessh" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Meta["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Meta["timestamp"] == "2022-02-13T11:23:25.867Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Meta["log_type"] == "endlessh_accept" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Meta["service"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Meta["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Meta["timestamp"] == 
"2022-02-13T11:23:25.867Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:23:25.867Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["message"] == "2022-02-13T11:24:55.313Z ACCEPT host=::ffff:49.88.112.72 port=45482 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["timestamp"] == "2022-02-13T11:24:55.313Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["message"] == "2022-02-13T11:24:55.313Z ACCEPT host=::ffff:49.88.112.72 port=45482 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Meta["log_type"] == "endlessh_accept" 
@@ -1482,6 +1706,7 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Meta["service"] results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Meta["timestamp"] == "2022-02-13T11:24:55.313Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:24:55.313Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Parsed["message"] == "2022-02-13T11:26:32.620Z ACCEPT host=::ffff:49.88.112.72 port=25911 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Parsed["program"] == "endlessh" 
@@ -1494,54 +1719,59 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Meta["service"] results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Meta["timestamp"] == "2022-02-13T11:26:32.62Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:26:32.62Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Parsed["message"] == "2022-02-13T11:31:02.471Z ACCEPT host=::ffff:49.88.112.72 port=54164 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Parsed["timestamp"] == "2022-02-13T11:31:02.471Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["service"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["timestamp"] == "2022-02-13T11:31:02.471Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:31:02.471Z" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Parsed["message"] == "2022-02-13T11:33:08.053Z ACCEPT host=::ffff:49.88.112.72 port=56498 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Parsed["timestamp"] == "2022-02-13T11:33:08.053Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Parsed["message"] == "2022-02-13T11:33:08.053Z ACCEPT host=::ffff:49.88.112.72 port=56498 fd=4 n=1/4096" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["timestamp"] == "2022-02-13T11:33:08.053Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["service"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["timestamp"] == "2022-02-13T11:33:08.053Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:33:08.053Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Parsed["message"] == "2022-02-13T11:34:11.826Z ACCEPT host=::ffff:49.88.112.72 port=46301 fd=4 n=1/4096" 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Parsed["timestamp"] == "2022-02-13T11:34:11.826Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["timestamp"] == "2022-02-13T11:34:11.826Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["service"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["timestamp"] == "2022-02-13T11:34:11.826Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:34:11.826Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][26].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][26].Evt.Parsed["timestamp"] == "2022-02-13T11:35:59.307Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][26].Evt.Parsed["message"] == "2022-02-13T11:35:59.307Z ACCEPT host=::ffff:49.88.112.72 port=39949 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][26].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][26].Evt.Parsed["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][26].Evt.Parsed["timestamp"] == 
"2022-02-13T11:35:59.307Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][26].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][26].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][26].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][26].Evt.Meta["service"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][26].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][26].Evt.Meta["timestamp"] == "2022-02-13T11:35:59.307Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][26].Evt.Meta["datasource_path"] == "endlessh-logs.log" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][26].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][26].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:35:59.307Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][26].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][27].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][27].Evt.Parsed["message"] == "2022-02-13T11:37:11.459Z ACCEPT host=::ffff:49.88.112.72 port=19005 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][27].Evt.Parsed["program"] == "endlessh" 
@@ -1554,23 +1784,25 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][27].Evt.Meta["service"] results["s02-enrich"]["crowdsecurity/dateparse-enrich"][27].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][27].Evt.Meta["timestamp"] == "2022-02-13T11:37:11.459Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][27].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:37:11.459Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][27].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][28].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][28].Evt.Parsed["message"] == "2022-02-13T11:39:14.349Z ACCEPT host=::ffff:49.88.112.72 port=52296 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][28].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][28].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][28].Evt.Parsed["timestamp"] == "2022-02-13T11:39:14.349Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][28].Evt.Parsed["message"] == "2022-02-13T11:39:14.349Z ACCEPT host=::ffff:49.88.112.72 port=52296 fd=4 n=1/4096" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][28].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][28].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][28].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][28].Evt.Meta["service"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][28].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][28].Evt.Meta["timestamp"] == "2022-02-13T11:39:14.349Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][28].Evt.Meta["datasource_path"] == "endlessh-logs.log" 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][28].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:39:14.349Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][28].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][29].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][29].Evt.Parsed["message"] == "2022-02-13T11:40:27.877Z ACCEPT host=::ffff:49.88.112.72 port=42606 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][29].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][29].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][29].Evt.Parsed["timestamp"] == "2022-02-13T11:40:27.877Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][29].Evt.Parsed["message"] == "2022-02-13T11:40:27.877Z ACCEPT host=::ffff:49.88.112.72 port=42606 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][29].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][29].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][29].Evt.Meta["log_type"] == "endlessh_accept" 
@@ -1578,35 +1810,38 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][29].Evt.Meta["service"] results["s02-enrich"]["crowdsecurity/dateparse-enrich"][29].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][29].Evt.Meta["timestamp"] == "2022-02-13T11:40:27.877Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][29].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:40:27.877Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][29].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][30].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][30].Evt.Parsed["message"] == "2022-02-13T11:41:51.108Z ACCEPT host=::ffff:49.88.112.72 port=61157 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][30].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][30].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][30].Evt.Parsed["timestamp"] == "2022-02-13T11:41:51.108Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][30].Evt.Meta["timestamp"] == "2022-02-13T11:41:51.108Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][30].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][30].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][30].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][30].Evt.Meta["service"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][30].Evt.Meta["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][30].Evt.Meta["timestamp"] == "2022-02-13T11:41:51.108Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][30].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:41:51.108Z" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][30].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][31].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][31].Evt.Parsed["message"] == "2022-02-13T11:44:54.352Z ACCEPT host=::ffff:49.88.112.72 port=34267 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][31].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][31].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][31].Evt.Parsed["timestamp"] == "2022-02-13T11:44:54.352Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][31].Evt.Meta["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][31].Evt.Meta["timestamp"] == "2022-02-13T11:44:54.352Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][31].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][31].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][31].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][31].Evt.Meta["service"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][31].Evt.Meta["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][31].Evt.Meta["timestamp"] == "2022-02-13T11:44:54.352Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][31].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:44:54.352Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][31].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][32].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][32].Evt.Parsed["timestamp"] == "2022-02-13T11:44:56.120Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][32].Evt.Parsed["message"] == "2022-02-13T11:44:56.120Z ACCEPT 
host=::ffff:141.98.11.27 port=59032 fd=5 n=2/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][32].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][32].Evt.Parsed["source_ip"] == "141.98.11.27" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][32].Evt.Parsed["timestamp"] == "2022-02-13T11:44:56.120Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][32].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][32].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][32].Evt.Meta["log_type"] == "endlessh_accept" 
@@ -1614,90 +1849,98 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][32].Evt.Meta["service"] results["s02-enrich"]["crowdsecurity/dateparse-enrich"][32].Evt.Meta["source_ip"] == "141.98.11.27" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][32].Evt.Meta["timestamp"] == "2022-02-13T11:44:56.12Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][32].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:44:56.12Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][32].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][33].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][33].Evt.Parsed["message"] == "2022-02-13T11:46:41.715Z ACCEPT host=::ffff:49.88.112.72 port=49347 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][33].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][33].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][33].Evt.Parsed["timestamp"] == "2022-02-13T11:46:41.715Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][33].Evt.Parsed["message"] == "2022-02-13T11:46:41.715Z ACCEPT host=::ffff:49.88.112.72 port=49347 fd=4 n=1/4096" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][33].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][33].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][33].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][33].Evt.Meta["service"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][33].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][33].Evt.Meta["timestamp"] == "2022-02-13T11:46:41.715Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][33].Evt.Meta["datasource_path"] == "endlessh-logs.log" 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][33].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][33].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:46:41.715Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][33].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][34].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][34].Evt.Parsed["message"] == "2022-02-13T11:47:58.463Z ACCEPT host=::ffff:49.88.112.72 port=54927 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][34].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][34].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][34].Evt.Parsed["timestamp"] == "2022-02-13T11:47:58.463Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][34].Evt.Meta["service"] == "endlessh" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][34].Evt.Meta["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][34].Evt.Meta["timestamp"] == "2022-02-13T11:47:58.463Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][34].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][34].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][34].Evt.Meta["log_type"] == "endlessh_accept" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][34].Evt.Meta["service"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][34].Evt.Meta["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][34].Evt.Meta["timestamp"] == "2022-02-13T11:47:58.463Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][34].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:47:58.463Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][34].Evt.Whitelisted == false 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][35].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][35].Evt.Parsed["message"] == "2022-02-13T11:49:31.344Z ACCEPT host=::ffff:49.88.112.72 port=12208 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][35].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][35].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][35].Evt.Parsed["timestamp"] == "2022-02-13T11:49:31.344Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][35].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][35].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][35].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][35].Evt.Meta["service"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][35].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][35].Evt.Meta["timestamp"] == "2022-02-13T11:49:31.344Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][35].Evt.Meta["datasource_path"] == "endlessh-logs.log" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][35].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][35].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:49:31.344Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][35].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][36].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][36].Evt.Parsed["message"] == "2022-02-13T11:51:35.252Z ACCEPT host=::ffff:212.192.246.173 port=35630 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][36].Evt.Parsed["program"] == "endlessh" 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][36].Evt.Parsed["source_ip"] == "212.192.246.173" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][36].Evt.Parsed["timestamp"] == "2022-02-13T11:51:35.252Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][36].Evt.Meta["source_ip"] == "212.192.246.173" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][36].Evt.Meta["timestamp"] == "2022-02-13T11:51:35.252Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][36].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][36].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][36].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][36].Evt.Meta["service"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][36].Evt.Meta["source_ip"] == "212.192.246.173" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][36].Evt.Meta["timestamp"] == "2022-02-13T11:51:35.252Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][36].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:51:35.252Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][36].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][37].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][37].Evt.Parsed["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][37].Evt.Parsed["timestamp"] == "2022-02-13T11:51:35.359Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][37].Evt.Parsed["message"] == "2022-02-13T11:51:35.359Z ACCEPT host=::ffff:49.88.112.72 port=62525 fd=5 n=2/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][37].Evt.Parsed["program"] == "endlessh" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][37].Evt.Meta["source_ip"] == "49.88.112.72" 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][37].Evt.Meta["timestamp"] == "2022-02-13T11:51:35.359Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][37].Evt.Parsed["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][37].Evt.Parsed["timestamp"] == "2022-02-13T11:51:35.359Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][37].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][37].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][37].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][37].Evt.Meta["service"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][37].Evt.Meta["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][37].Evt.Meta["timestamp"] == "2022-02-13T11:51:35.359Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][37].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:51:35.359Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][37].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][38].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][38].Evt.Parsed["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][38].Evt.Parsed["timestamp"] == "2022-02-13T11:52:44.396Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][38].Evt.Parsed["message"] == "2022-02-13T11:52:44.396Z ACCEPT host=::ffff:49.88.112.72 port=19429 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][38].Evt.Parsed["program"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][38].Evt.Parsed["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][38].Evt.Parsed["timestamp"] == "2022-02-13T11:52:44.396Z" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][38].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][38].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][38].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][38].Evt.Meta["service"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][38].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][38].Evt.Meta["timestamp"] == "2022-02-13T11:52:44.396Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][38].Evt.Meta["datasource_path"] == "endlessh-logs.log" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][38].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][38].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:52:44.396Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][38].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][39].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][39].Evt.Parsed["message"] == "2022-02-13T11:54:17.557Z ACCEPT host=::ffff:49.88.112.72 port=19439 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][39].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][39].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][39].Evt.Parsed["timestamp"] == "2022-02-13T11:54:17.557Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][39].Evt.Meta["timestamp"] == "2022-02-13T11:54:17.557Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][39].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][39].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][39].Evt.Meta["log_type"] == 
"endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][39].Evt.Meta["service"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][39].Evt.Meta["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][39].Evt.Meta["timestamp"] == "2022-02-13T11:54:17.557Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][39].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:54:17.557Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][39].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][40].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][40].Evt.Parsed["message"] == "2022-02-13T11:56:13.717Z ACCEPT host=::ffff:49.88.112.72 port=10422 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][40].Evt.Parsed["program"] == "endlessh" 
@@ -1710,23 +1953,25 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][40].Evt.Meta["service"] results["s02-enrich"]["crowdsecurity/dateparse-enrich"][40].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][40].Evt.Meta["timestamp"] == "2022-02-13T11:56:13.717Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][40].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:56:13.717Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][40].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][41].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][41].Evt.Parsed["message"] == "2022-02-13T11:57:16.679Z ACCEPT host=::ffff:49.88.112.72 port=50896 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][41].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][41].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][41].Evt.Parsed["timestamp"] == "2022-02-13T11:57:16.679Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][41].Evt.Parsed["message"] == "2022-02-13T11:57:16.679Z ACCEPT host=::ffff:49.88.112.72 port=50896 fd=4 n=1/4096" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][41].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][41].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][41].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][41].Evt.Meta["service"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][41].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][41].Evt.Meta["timestamp"] == "2022-02-13T11:57:16.679Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][41].Evt.Meta["datasource_path"] == "endlessh-logs.log" 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][41].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][41].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:57:16.679Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][41].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][42].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][42].Evt.Parsed["message"] == "2022-02-13T11:59:32.884Z ACCEPT host=::ffff:49.88.112.72 port=36242 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][42].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][42].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][42].Evt.Parsed["timestamp"] == "2022-02-13T11:59:32.884Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][42].Evt.Parsed["message"] == "2022-02-13T11:59:32.884Z ACCEPT host=::ffff:49.88.112.72 port=36242 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][42].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][42].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][42].Evt.Meta["log_type"] == "endlessh_accept" 
@@ -1734,18 +1979,20 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][42].Evt.Meta["service"] results["s02-enrich"]["crowdsecurity/dateparse-enrich"][42].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][42].Evt.Meta["timestamp"] == "2022-02-13T11:59:32.884Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][42].Evt.Enriched["MarshaledTime"] == "2022-02-13T11:59:32.884Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][42].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][43].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][43].Evt.Parsed["message"] == "2022-02-13T12:00:47.800Z ACCEPT host=::ffff:49.88.112.72 port=22220 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][43].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][43].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][43].Evt.Parsed["timestamp"] == "2022-02-13T12:00:47.800Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][43].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][43].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][43].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][43].Evt.Meta["service"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][43].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][43].Evt.Meta["timestamp"] == "2022-02-13T12:00:47.8Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][43].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][43].Evt.Enriched["MarshaledTime"] == "2022-02-13T12:00:47.8Z" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][43].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][44].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][44].Evt.Parsed["message"] == "2022-02-13T12:01:59.882Z ACCEPT host=::ffff:49.88.112.72 port=42827 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][44].Evt.Parsed["program"] == "endlessh" @@ -1758,6 +2005,7 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][44].Evt.Meta["service"] results["s02-enrich"]["crowdsecurity/dateparse-enrich"][44].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][44].Evt.Meta["timestamp"] == "2022-02-13T12:01:59.882Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][44].Evt.Enriched["MarshaledTime"] == "2022-02-13T12:01:59.882Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][44].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][45].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][45].Evt.Parsed["message"] == "2022-02-13T12:03:21.948Z ACCEPT host=::ffff:49.88.112.72 port=28744 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][45].Evt.Parsed["program"] == "endlessh" 
@@ -1770,23 +2018,25 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][45].Evt.Meta["service"] results["s02-enrich"]["crowdsecurity/dateparse-enrich"][45].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][45].Evt.Meta["timestamp"] == "2022-02-13T12:03:21.948Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][45].Evt.Enriched["MarshaledTime"] == "2022-02-13T12:03:21.948Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][45].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][46].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][46].Evt.Parsed["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][46].Evt.Parsed["timestamp"] == "2022-02-13T12:05:00.857Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][46].Evt.Parsed["message"] == "2022-02-13T12:05:00.857Z ACCEPT host=::ffff:49.88.112.72 port=53672 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][46].Evt.Parsed["program"] == "endlessh" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][46].Evt.Meta["source_ip"] == "49.88.112.72" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][46].Evt.Meta["timestamp"] == "2022-02-13T12:05:00.857Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][46].Evt.Parsed["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][46].Evt.Parsed["timestamp"] == "2022-02-13T12:05:00.857Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][46].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][46].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][46].Evt.Meta["log_type"] == "endlessh_accept" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][46].Evt.Meta["service"] == "endlessh" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][46].Evt.Meta["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][46].Evt.Meta["timestamp"] == "2022-02-13T12:05:00.857Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][46].Evt.Enriched["MarshaledTime"] == "2022-02-13T12:05:00.857Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][46].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][47].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][47].Evt.Parsed["message"] == "2022-02-13T12:06:32.107Z ACCEPT host=::ffff:49.88.112.72 port=53082 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][47].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][47].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][47].Evt.Parsed["timestamp"] == "2022-02-13T12:06:32.107Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][47].Evt.Parsed["message"] == "2022-02-13T12:06:32.107Z ACCEPT host=::ffff:49.88.112.72 port=53082 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][47].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][47].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][47].Evt.Meta["log_type"] == "endlessh_accept" 
@@ -1794,11 +2044,12 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][47].Evt.Meta["service"] results["s02-enrich"]["crowdsecurity/dateparse-enrich"][47].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][47].Evt.Meta["timestamp"] == "2022-02-13T12:06:32.107Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][47].Evt.Enriched["MarshaledTime"] == "2022-02-13T12:06:32.107Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][47].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][48].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][48].Evt.Parsed["message"] == "2022-02-13T12:12:43.171Z ACCEPT host=::ffff:49.88.112.72 port=33459 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][48].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][48].Evt.Parsed["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][48].Evt.Parsed["timestamp"] == "2022-02-13T12:12:43.171Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][48].Evt.Parsed["message"] == "2022-02-13T12:12:43.171Z ACCEPT host=::ffff:49.88.112.72 port=33459 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][48].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][48].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][48].Evt.Meta["log_type"] == "endlessh_accept" 
@@ -1806,11 +2057,12 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][48].Evt.Meta["service"] results["s02-enrich"]["crowdsecurity/dateparse-enrich"][48].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][48].Evt.Meta["timestamp"] == "2022-02-13T12:12:43.171Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][48].Evt.Enriched["MarshaledTime"] == "2022-02-13T12:12:43.171Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][48].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][49].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][49].Evt.Parsed["timestamp"] == "2022-02-13T12:14:06.577Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][49].Evt.Parsed["message"] == "2022-02-13T12:14:06.577Z ACCEPT host=::ffff:49.88.112.72 port=25804 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][49].Evt.Parsed["program"] == "endlessh" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][49].Evt.Parsed["source_ip"] == "49.88.112.72" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][49].Evt.Parsed["timestamp"] == "2022-02-13T12:14:06.577Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][49].Evt.Meta["datasource_path"] == "endlessh-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][49].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][49].Evt.Meta["log_type"] == "endlessh_accept" 
@@ -1818,6 +2070,7 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][49].Evt.Meta["service"] results["s02-enrich"]["crowdsecurity/dateparse-enrich"][49].Evt.Meta["source_ip"] == "49.88.112.72" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][49].Evt.Meta["timestamp"] == "2022-02-13T12:14:06.577Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][49].Evt.Enriched["MarshaledTime"] == "2022-02-13T12:14:06.577Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][49].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][50].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][50].Evt.Parsed["message"] == "2022-02-13T12:17:31.839Z ACCEPT host=2001:db8:85a3:8d3:1319:8a2e:370:7348 port=54185 fd=4 n=1/4096" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][50].Evt.Parsed["program"] == "endlessh" 
@@ -1830,4 +2083,31 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][50].Evt.Meta["service"] results["s02-enrich"]["crowdsecurity/dateparse-enrich"][50].Evt.Meta["source_ip"] == "2001:db8:85a3:8d3:1319:8a2e:370:7348" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][50].Evt.Meta["timestamp"] == "2022-02-13T12:17:31.839Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][50].Evt.Enriched["MarshaledTime"] == "2022-02-13T12:17:31.839Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][50].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Parsed["message"] == "I0613 10:22:21.684962 1 client.go:58] ACCEPT host=192.168.121.1 port=53598 n=2/4096" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Parsed["program"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Parsed["source_ip"] == "192.168.121.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Parsed["timestamp"] == "0613 10:22:21.684962" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Meta["log_type"] == "endlessh_accept" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Meta["service"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Meta["source_ip"] == "192.168.121.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Meta["timestamp"] == "2024-06-13T10:22:21.684962Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Enriched["MarshaledTime"] == "2024-06-13T10:22:21.684962Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][51].Evt.Whitelisted == false 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Parsed["message"] == "I0613 10:22:26.154722 1 client.go:58] ACCEPT host=192.168.121.1 port=53608 n=2/4096" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Parsed["program"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Parsed["source_ip"] == "192.168.121.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Parsed["timestamp"] == "0613 10:22:26.154722" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Meta["datasource_path"] == "endlessh-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Meta["log_type"] == "endlessh_accept" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Meta["service"] == "endlessh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Meta["source_ip"] == "192.168.121.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Meta["timestamp"] == "2024-06-13T10:22:26.154722Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Enriched["MarshaledTime"] == "2024-06-13T10:22:26.154722Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][52].Evt.Whitelisted == false len(results["success"][""]) == 0 diff --git a/parsers/s01-parse/crowdsecurity/endlessh-logs.yaml b/parsers/s01-parse/crowdsecurity/endlessh-logs.yaml index d57361adee0..33d5b28edd6 100644 --- a/parsers/s01-parse/crowdsecurity/endlessh-logs.yaml +++ b/parsers/s01-parse/crowdsecurity/endlessh-logs.yaml 
@@ -3,9 +3,19 @@ filter: "evt.Parsed.program == 'endlessh'"
 name: crowdsecurity/endlessh-logs
 description: "Parse Endlessh logs"
 pattern_syntax:
+ ENDLESSH_GO_DATE: "%{MONTHNUM2}%{DAY2} %{TIME}"
+ ENDLESSH_GO_LINE: "I%{ENDLESSH_GO_DATE:timestamp}.*\\] ACCEPT host=%{IP:source_ip} "
 ENDLESSH_ACCEPT_V4: "%{TIMESTAMP_ISO8601:timestamp}? ACCEPT host=(::ffff:)?%{IPV4:source_ip} "
 ENDLESSH_ACCEPT_V6: "%{TIMESTAMP_ISO8601:timestamp}? ACCEPT host=%{IPV6:source_ip} "
 nodes:
+ - grok:
+ name: "ENDLESSH_GO_LINE"
+ apply_on: Line.Raw
+ statics:
+ - meta: log_type
+ value: endlessh_accept
+ - target: evt.StrTimeFormat
+ value: "0102 15:04:05"
 - grok:
 name: "ENDLESSH_ACCEPT_V4"
 apply_on: Line.Raw
@@ -18,6 +28,7 @@ nodes:
 statics:
 - meta: log_type
 value: endlessh_accept
+
 statics:
 - meta: service
 value: endlessh
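Review bot: `ENDLESSH_GO_LINE` is unanchored and bridges the timestamp and `] ACCEPT host=` with a greedy `.*`, so `source_ip` is captured from the last `] ACCEPT host=<ip> ` anywhere in the raw line rather than from the glog header shown in the sample lines. Because `source_ip` is presumably what downstream scenarios act on, I would confine the gap to the header with `ENDLESSH_GO_LINE: "I%{ENDLESSH_GO_DATE:timestamp}[^\\]]*\\] ACCEPT host=%{IP:source_ip} "`, and add a leading `^` if Line.Raw always starts with the glog prefix (not visible in this hunk). Separately, the layout `"0102 15:04:05"` carries no year or zone, while the new parser.assert expectations pin `2024-06-13T…Z` for these events. A comment next to `evt.StrTimeFormat` such as `# glog timestamps carry no year or zone; both are supplied during date enrichment` would record that, and it is worth confirming the pinned year does not depend on when the test runs.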