diff --git a/fortisoar-soc-simulator/scenarios/default/scenario_record.json b/fortisoar-soc-simulator/scenarios/default/scenario_record.json
index bc9b4b4..1d657c2 100644
--- a/fortisoar-soc-simulator/scenarios/default/scenario_record.json
+++ b/fortisoar-soc-simulator/scenarios/default/scenario_record.json
@@ -73,7 +73,7 @@
 "source": "Syslog",
 "status": "Open",
 "severity": "low",
- "sourceIp": "{TR_MALICIOUS_IP}",
+ "sourceIp": "<>",
 "sourceType": "linux_secure",
 "sourcedata": "{\"host\":\"marketing.server.1\",\"rhost\":\"43.225.46.25\",\"pid\":\"5654\",\"_confstr\":\"source::/var/log/secure|host::ip-10-1-3-106|linux_secure\",\"date_zone\":\"local\",\"_eventtype_color\":\"\",\"_indextime\":\"1500279602\",\"euid\":\"0\",\"timeendpos\":\"16\",\"date_hour\":\"8\",\"source\":\"/var/log/secure\",\"process\":\"sshd\",\"date_wday\":\"monday\",\"_serial\":\"8\",\"_kv\":\"1\",\"punct\":\"__::_----_[]:_(:):__;_=_=_=_=_=_=...__=\",\"_sourcetype\":\"linux_secure\",\"_raw\":\"Jul 17 08:20:02 192.168.60.172 sshd[5654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.225.46.25 user=root\",\"_si\":[\"10.1.3.32\",\"main\"],\"securonix_server\":\"10.1.3.32\",\"sourcetype\":\"linux_secure\",\"date_month\":\"july\",\"index\":\"main\",\"timestartpos\":\"0\",\"eventtype\":\"\",\"user\":\"root\",\"date_mday\":\"17\",\"linecount\":\"\",\"tty\":\"ssh\",\"event_id\":\"3F3CBAA2-CB55-4976-95EA-3627677F1EE3@@main@@00f9a277c2dce41ac744d522c35f8ccb\",\"uid\":\"0\",\"_time\":\"1500279602\",\"date_minute\":\"20\",\"date_year\":\"2017\",\"date_second\":\"2\"}",
 "description": "

Suspicious Login Failures on asset marketing.server.1 from 43.225.46.25 

",
@@ -420,4 +420,4 @@
 }
 ],
 "type": "scenario"
- }
\ No newline at end of file
+ }
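Review bot: The new `sourceIp` value `<>` on the `+` line is neither an IP address nor a recognisable template token, so whatever substitutes the `{TR_MALICIOUS_IP}` placeholder now leaves this field as the literal string `<>`, while the embedded `sourcedata` still reports `rhost` 43.225.46.25 — the record's own source IP no longer agrees with the raw event it carries. If the intent is to detach the field from the template, an explicit convention such as `"sourceIp": ""`, or the address the `_raw` log already shows, `"sourceIp": "43.225.46.25"`, would keep the scenario internally consistent and let any consumer that parses `sourceIp` as an address keep working. If `<>` is a sentinel that some loader recognises, that should be stated in the scenario documentation or a schema `description`, because nothing in this file says so. The `description` value that follows appears to span several physical lines; if that is what the file holds rather than a rendering artefact, it is invalid under strict RFC 8259 parsers. The enclosing record object begins and ends outside this hunk.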