diff --git a/Tools/Syslog-cef-data-replicator/Customizations/fortigate_customizations.json b/Tools/Syslog-cef-data-replicator/Customizations/fortigate_customizations.json
new file mode 100644
index 00000000000..baec95b1c73
--- /dev/null
+++ b/Tools/Syslog-cef-data-replicator/Customizations/fortigate_customizations.json
@@ -0,0 +1,39 @@
+{
+ "fullSchema":{},
+ "customizations":{
+ "version":{"data_type":"Integer", "values": [0]},
+ "deviceVendor": {"data_type":"String", "values": ["CISCO","JUNIPER","Fortinet","MSFT"]},
+ "deviceProduct": {"data_type":"String", "values": ["Cortex","Vertex","Fortigate", "WSF"]},
+ "deviceVersion": {"data_type":"String", "values": ["2","19","34"]},
+ "signatureId": {"data_type":"String", "values": ["3.6.0.3","3.4.0.6","5.6.7.8","1.6.1.3","9.6.1.7","1.9.0.2","1.89.12.3","14.61.0.31","19.6.01.36"]},
+ "name": {"data_type":"String", "values": ["Phishing","TROJAN_GIPPERS.DC","services-health","Monitoring"]},
+ "severity": {"data_type":"Integer", "values": [1,2,3,4,5,6,7,8,9]},
+ "deviceExternalId": {"data_type":"String", "values": ["FGVMEV9XTHSMYCCF","FGVMEV9XPDFRYYCCF","FGVMEV9XPEPFOCFR"]},
+ "FTNTFGTlogid": {"data_type":"String", "values": ["0100026001","010004554","01566fjj56"]},
+ "cat": {"data_type":"String", "values": ["event","alert","traffic"]},
+ "direction": {"data_type":"String", "values": ["egress","ingress","in"]},
+ "FTNTFGTsubtype": {"data_type":"String", "values": ["system"]},
+ "origisationname": {"data_type":"String", "values": ["Fortigate","CISCO"]},
+ "origin": {"data_type":"String", "values": ["NA","NULL",""]},
+ "logid": {"data_type":"String", "values": ["562ed3w","dfdf564s","3455frs"]},
+ "dst_country": {"data_type":"String", "values": ["US","Canada","Bhutan"]},
+ "dst": {"data_type":"String", "values": ["67.21.32.78","201.32.13.56","76.62.201.10"]},
+ "src": {"data_type":"String", "values": ["101.21.21.1","67.23.21.90","82.78.9.87"]},
+ "ifname": {"data_type":"String", "values": ["eth0","eth1"]},
+ "product": {"data_type":"String", "values": ["FortiWeb","Prisma","Fortigate", "WAF"]},
+ "dpt": {"data_type":"Integer", "values": [1233, 3456, 6738]},
+ "spt": {"data_type":"Integer", "values": [7837,8929,7832,8729]},
+ "start1": {"data_type":"datetime", "values": ["current"], "format":"%Y-%m-%d %H:%M:%S"},
+ "end1": {"data_type":"datetime", "values": ["current"], "format":"%Y-%m-%d %H:%M:%S"},
+ "ISOTimeStamp": {"data_type":"datetime", "values": ["current"], "format":"%Y-%m-%d %H:%M:%S"}
+ },
+ "SyslogMessage":{
+ "headerTemplate": "DateTime HostName",
+ "syslog_message_template":{"values": "{hostName} {application} {pid} {messageId}: {structured_data} {message}"},
+ "syslog_header_fields": {"values": ["hostName", "application", "pid", "messageId"]},
+ "syslog_header_fields_dummy": {"values":"{\"priority\": \"139\", \"version\": \"1\",\"ISOTimeStamp\": \"2022-03-31 11:59:59\",\"hostName\": \"SYSLOG_Host\",\"application\": \"SYSLOG_App\", \"pid\": \"process\",\"messageId\": \"1234\"}"},
+ "KVDelimiter": {"values": "="},
+ "fieldDelimiter": {"values": " "},
+ "headerDelimiter": {"values": ":"}
+ }
+}
\ No newline at end of file
diff --git a/Tools/Syslog-cef-data-replicator/Customizations/generic_customizations.json b/Tools/Syslog-cef-data-replicator/Customizations/generic_customizations.json
new file mode 100644
index 00000000000..baec95b1c73
--- /dev/null
+++ b/Tools/Syslog-cef-data-replicator/Customizations/generic_customizations.json
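Review bot: The `src` and `dst` value lists are publicly routable addresses (`101.21.21.1`, `67.21.32.78`, …), and per the README added in this commit these values overwrite the fields of replayed events that are forwarded on to Sentinel. Synthetic events carrying addresses that belong to third parties may match threat-intelligence or geolocation analytics in the receiving workspace and be read as real activity, so I would draw the samples from the RFC 5737 documentation ranges instead, e.g. `"src": {"data_type":"String", "values": ["192.0.2.10","198.51.100.20","203.0.113.30"]},`, unless a test specifically needs routable addresses. The same lists appear in generic_customizations.json, added in the next hunk. Separately, `syslog_header_fields_dummy` stores a JSON object as an escaped string; a nested object would avoid the second parse, if the script (not visible in this diff) can accept one.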
@@ -0,0 +1,39 @@
+{
+ "fullSchema":{},
+ "customizations":{
+ "version":{"data_type":"Integer", "values": [0]},
+ "deviceVendor": {"data_type":"String", "values": ["CISCO","JUNIPER","Fortinet","MSFT"]},
+ "deviceProduct": {"data_type":"String", "values": ["Cortex","Vertex","Fortigate", "WSF"]},
+ "deviceVersion": {"data_type":"String", "values": ["2","19","34"]},
+ "signatureId": {"data_type":"String", "values": ["3.6.0.3","3.4.0.6","5.6.7.8","1.6.1.3","9.6.1.7","1.9.0.2","1.89.12.3","14.61.0.31","19.6.01.36"]},
+ "name": {"data_type":"String", "values": ["Phishing","TROJAN_GIPPERS.DC","services-health","Monitoring"]},
+ "severity": {"data_type":"Integer", "values": [1,2,3,4,5,6,7,8,9]},
+ "deviceExternalId": {"data_type":"String", "values": ["FGVMEV9XTHSMYCCF","FGVMEV9XPDFRYYCCF","FGVMEV9XPEPFOCFR"]},
+ "FTNTFGTlogid": {"data_type":"String", "values": ["0100026001","010004554","01566fjj56"]},
+ "cat": {"data_type":"String", "values": ["event","alert","traffic"]},
+ "direction": {"data_type":"String", "values": ["egress","ingress","in"]},
+ "FTNTFGTsubtype": {"data_type":"String", "values": ["system"]},
+ "origisationname": {"data_type":"String", "values": ["Fortigate","CISCO"]},
+ "origin": {"data_type":"String", "values": ["NA","NULL",""]},
+ "logid": {"data_type":"String", "values": ["562ed3w","dfdf564s","3455frs"]},
+ "dst_country": {"data_type":"String", "values": ["US","Canada","Bhutan"]},
+ "dst": {"data_type":"String", "values": ["67.21.32.78","201.32.13.56","76.62.201.10"]},
+ "src": {"data_type":"String", "values": ["101.21.21.1","67.23.21.90","82.78.9.87"]},
+ "ifname": {"data_type":"String", "values": ["eth0","eth1"]},
+ "product": {"data_type":"String", "values": ["FortiWeb","Prisma","Fortigate", "WAF"]},
+ "dpt": {"data_type":"Integer", "values": [1233, 3456, 6738]},
+ "spt": {"data_type":"Integer", "values": [7837,8929,7832,8729]},
+ "start1": {"data_type":"datetime", "values": ["current"], "format":"%Y-%m-%d %H:%M:%S"},
+ "end1": {"data_type":"datetime", "values": ["current"], "format":"%Y-%m-%d %H:%M:%S"},
+ "ISOTimeStamp": {"data_type":"datetime", "values": ["current"], "format":"%Y-%m-%d %H:%M:%S"}
+ },
+ "SyslogMessage":{
+ "headerTemplate": "DateTime HostName",
+ "syslog_message_template":{"values": "{hostName} {application} {pid} {messageId}: {structured_data} {message}"},
+ "syslog_header_fields": {"values": ["hostName", "application", "pid", "messageId"]},
+ "syslog_header_fields_dummy": {"values":"{\"priority\": \"139\", \"version\": \"1\",\"ISOTimeStamp\": \"2022-03-31 11:59:59\",\"hostName\": \"SYSLOG_Host\",\"application\": \"SYSLOG_App\", \"pid\": \"process\",\"messageId\": \"1234\"}"},
+ "KVDelimiter": {"values": "="},
+ "fieldDelimiter": {"values": " "},
+ "headerDelimiter": {"values": ":"}
+ }
+}
\ No newline at end of file
diff --git a/Tools/Syslog-cef-data-replicator/README.md b/Tools/Syslog-cef-data-replicator/README.md
new file mode 100644
index 00000000000..5755ec6cf8c
--- /dev/null
+++ b/Tools/Syslog-cef-data-replicator/README.md
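Review bot: This file is byte-identical to fortigate_customizations.json (both index lines show blob `baec95b1c73`), so the "generic" profile still carries the Fortinet-specific keys `FTNTFGTlogid` and `FTNTFGTsubtype`; if it is meant as a vendor-neutral starting point those entries should go, and if not, one file is enough. The datetime keys are spelled `start1` and `end1` here, while the README example added in this commit uses `start` and `end`. If the script matches customizations by field name (it is not visible in this diff), only one spelling can apply to events whose fields are `start=`/`end=`, so confirm which is intended, e.g. `"start": {"data_type":"datetime", "values": ["current"], "format":"%Y-%m-%d %H:%M:%S"},`. `origisationname` also looks like a misspelling and is worth checking against the field it is supposed to replace.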
@@ -0,0 +1,228 @@ +# Syslog or CEF over Syslog data replication +Author: Anki Narravula - Reachout to anknar@microsoft.com incase of any issues or clarifications required + +## Description +This repository contains a console application (Python) that helps to replicate data in Syslog or CEF over syslog format by using sample events. Users need to input a file with sample data in it (minimum 1 event) to start generating the syslog traffic. User can use this tool to mimic as any Syslog datasource (device). Data will be sent to a specified destination address (where we have AMA / LA agent installed here to receive the data) over TCP or UDP 514 port. Further AMA/LA agent can send to Sentinel as per configurations defined on the agent node. To deploy a log forwarder to ingest Syslog and CEF logs to Microsoft Sentinel refer - https://docs.microsoft.com/azure/sentinel/connect-log-forwarder?tabs=rsyslog + + If you are trying to see specific values for the fields (in case of CEF data), for example deviceVendor need to be always from the array of values ["Fortinet","CISCO","Microsoft"] or any timestamp field should set to current etc then we need to input a file where we have such customizations defined. Otherwise we dont require to input this file. + +## Prerequisites + +- Make sure we have python installed on the system where we are running this utility +- Sample data (File name and path) is mandatory parameter for invocation. Make sure you have it ready +- Log forwarding agent is configured already and have IP Address and host name handy +- Make sure firewall is not blockiign the traffic flow from source (where we are running this utlity) and destination (where we have log forwarder configured) + +## How to use + +We have 2 flavors +1. Generating syslog / cef traffic using raw log +2. Generating syslog / cef traffic using csv file (deprecated) + +### 1. 
Generating syslog / cef traffic using raw log + +- Step 0: Download the package + ``` + sudo apt-get install zip unzip + wget https://github.com/Azure/Azure-Sentinel/blob/SyslogDataReplication/Tools/Syslog-cef-data-replicator/syslog_cef_data_replicator.zip?raw=true + unzip syslog_cef_data_replicator.zip + ``` + +- Step 1: Make sure raw log present in a file (with any extension) and each record separated by new line char (\n) + + For example: + + Inflobox NIOS raw logs: + + + May 13 2022 12:05:52 10.0.0.0 dhcpd[30174]: DHCPDISCOVER from 0a:0b:0c:0d::0f via eth2 TransID 5daf9374: network 10.0.0.0/24: no free leases + May 13 2022 12:05:52 10.1.1.1 named[11325]: zone voip.abc.com/IN: ZRQ applied transaction 0101010 with SOA serial 9191919. Zone version is now 0202020. + May 13 2022 12:05:52 10.0.0.0 dhcpd[30174]: DHCPDISCOVER from 0a:0b:0c:0d::0f via eth2 TransID 5daf9374: network 10.0.0.0/24: no free leases + May 13 2022 12:05:52 10.1.1.1 named[11325]: zone voip.abc.com/IN: ZRQ applied transaction 0101010 with SOA serial 9191919. Zone version is now 0202020. 
+ + + CISCO Meraki raw logs: + + 1377449842.514782056 MX84 ids-alerts : signature=129:4:1 priority=3 timestamp=1377449842.512569 direction=ingress protocol=tcp/ip src=74.125.140.132:80 + 1380664994.337961231 MX84 events : type=vpn_connectivity_change vpn_type='site-to-site' peer_contact='98.68.191.209:51856' peer_ident='2814ee002c075181bb1b7478ee073860' connectivity='true' + 1377448470.246576346 MX84 ids-alerts : signature=119:15:1 priority=2 timestamp=1377448470.238064 direction=egress protocol=tcp/ip src=192.168.111.254:56240 signature=1:28423:1 priority=1 timestamp=1468531589.810079 dhost=98:5A:EB:E1:81:2F direction=ingress protocol=tcp/ip src=151.101.52.238:80 dst=192.168.128.2:53023 message: EXPLOIT-KIT Multiple exploit kit single digit exe detection url=http://www.eicar.org/download/eicar.com.txt src=192.168.128.2:53150 dst=188.40.238.250:80 mac=98:5A:EB:E1:81:2F name='EICAR:EICAR_Test_file_not_a_virus-tpd'// 1563249630.774247467 remote_DC1_appliance security_event ids_alerted signature=1:41944:2 priority=1 timestamp=TIMESTAMPEPOCH.647461 dhost=74:86:7A:D9:D7:AA direction=ingress protocol=tcp/ip src=23.6.199.123:80 dst=10.1.10.51:56938 message: BROWSER-IE Microsoft Edge scripting engine security bypass css attempt + 1380653443.857790533 MR18 events : type=device_packet_flood radio='0' state='end' alarm_id='4' reason='left_channel' airmarshal_events type= rogue_ssid_detected ssid='' bssid='02:18:5A:AE:56:00' src='02:18:5A:AE:56:00' dst='02:18:6A:13:09:D0' wired_mac='00:18:0A:AE:56:00' vlan_id='0' channel='157' rssi='21' fc_type='0' fc_subtype='5' + 1380653443.857790533 MS220_8P events : type=8021x_eap_success port='' identity='employee@ikarem.com' + 1374543213.342705328 MX84 urls : src=192.168.1.186:63735 dst=69.58.188.40:80 mac=58:1F:AA:CE:61:F2 request: GET https://... 
+ 1374543986.038687615 MX84 flows : src=192.168.1.186 dst=8.8.8.8 mac=58:1F:AA:CE:61:F2 protocol=udp sport=55719 dport=53 pattern: allow all + + +- Step 2: Save in same folder as script exist, name and extension can be any thing. If file is at different location then we need to provide complete path +- Step 3: Navigate to the script path, where syslogfromraw.py exists + For example, if script exists in C:\Repositories\Anki-Playground\SyslogReplicator then run + cd C:\Repositories\Anki-Playground\SyslogReplicator +- Step 4: You can try with the following commands + + ``` + 1. python syslogfromraw.py --host "13.87.202.58" --port 514 --eventtype "syslog" --cust_file fortigate_customizations.json syslog_meraki_raw.log + 2. python syslogfromraw.py --host "13.87.202.58" --port 514 --eventtype "syslog" syslog_meraki_raw.log + 3. python syslogfromraw.py --host "13.87.202.58" --port 514 --eventtype "cef" --cust_file fortigate_customizations.json cef_microsoft_ata.log + 4. python syslogfromraw.py --host "13.87.202.58" --port 514 --eventtype "cef" cef_microsoft_ata.log + + + arguments: + + --cust_file (optional – Name of the file where we have customizations defined) + --port (optional – default is 514 if not specified) + --host (optional – default is localhost if not specified) + --eventtype (optional – default is cef if not specified) + --eps (optional – default is 100 if not specified) + Name of the file where we have same data is mandatory like python syslogfromcsv.py cef_microsoft_ata.log + ``` +- Step 5: (Optional) Run the script multiple time to achieve higer EPS. + + During testing we have observed that with single invocation of this script we can get upto 100 EPS volume. If you want to get the more EPS, you need to run the script multiple times in the in the background. 
+ ``` + #!/usr/bin/env python3 + chmod +x syslogfromraw.py + nohup /path/to/syslogfromraw.py & + or + nohup python /path/to/syslogfromraw.py & + ``` +- Step 6: (Optional) Use azure batch account and data factory for achieving higher EPS + + Setting up batch account and VMs pool + - You can find the details here https://docs.microsoft.com/azure/batch/accounts and https://docs.microsoft.com/azure/batch/nodes-and-pools + + Upload scripts and sample data (and customization file) to storage account + - Find more details here - https://docs.microsoft.com/azure/storage/blobs/storage-quickstart-blobs-portal + + Create data factory pipeline with azure batch task + - You can find more details here - https://techcommunity.microsoft.com/t5/azure-paas-blog/configure-a-simple-azure-batch-job-with-azure-data-factory/ba-p/2260759 + + Schedule data factory job to run for every 10 minutes + - More details are here - https://docs.microsoft.com/azure/data-factory/how-to-create-schedule-trigger?tabs=data-factory + + Important tips: + + - Have 1 task(activity) for each 100 EPS (during our testing, we found out that this is ideal) + - For example, If you want 5000 EPS throuput, then have 50 parallell tasks / activities running (each task throughputs 100 EPS) + - ![image](https://user-images.githubusercontent.com/10404181/186093885-3c7bfd1c-2e58-4328-b296-bf017d23b564.png) + + - Schedule pipeline with 10 mins frequency and enable to kill previous taks before starting new activity. (Set timeout to lesser than 10 minutes) + - ![image](https://user-images.githubusercontent.com/10404181/186095028-d4854978-d4fd-4866-8756-223fd59d69c8.png) + + - Use local ip addres to send the logs (which will give good throuput). 
Have agent and batch account's nodes in the same network + - ![image](https://user-images.githubusercontent.com/10404181/186095413-6bb22cb0-2e64-4b3a-a2c8-0e1c6dadeb20.png) + + ``` + python syslogfromraw.py --host "10.4.87.1" --port 514 --eventtype "syslog" --cust_file fortigate_customizations.json syslog_meraki_raw.log + python syslogfromraw.py --host "localhost" --port 514 --eventtype "syslog" --cust_file fortigate_customizations.json syslog_meraki_raw.log + ``` + + - If possible have agent installed locally on the batch account nodes + - On Agent node - Make sure you stop the logging into /var/log/syslog, otherwise you may get into memory issues + + ``` + cd /etc/rsyslog.d/ + nano 50-default.conf + //Comment the line that stores the logs into /var/log/syslog + service rsyslog restart + ``` + +### 2. Generating syslog / cef traffic using csv file + +- Step 1: Make sure csv file present with header and at least 1 record, records are separated by new line char (\n) + For example: + FortiGate sample data in syslog converted into csv: + + ![image](https://user-images.githubusercontent.com/10404181/170849664-3442063e-a401-4166-87b0-7ac90429c4d3.png) + + Note: For CEF traffic, make sure header fields also exists in csv along with the structured data. + +- Step 2: Save in same folder as script exist, name and extension can be any thing +- Step 3: Navigate to the script path, where syslogfromraw.py exists + For example, if script exists in C:\Repositories\Anki-Playground\SyslogReplicator then run + cd C:\Repositories\Anki-Playground\SyslogReplicator +- Step 4: You can try with the following commands + + ``` + 1. python syslogfromcsv.py --host "13.87.202.58" --port 514 --eventtype "syslog" --cust_file 'fortigate_customizations.json' syslog_fortigate_sample_data.csv + 2. python syslogfromcsv.py --host "13.87.202.58" --port 514 --eventtype "syslog" syslog_fortigate_sample_data.csv + 3. 
python syslogfromcsv.py --host "13.87.202.58" --port 514 --eventtype ‘cef’ --cust_file 'fortigate_customizations.json' cef_fortigate_sample_data.csv + 4. python syslogfromcsv.py --host "13.87.202.58" --port 514 --eventtype ‘cef’ cef_fortigate_sample_data.csv + + arguments: + --cust_file (optional – Name of the file where we have customizations defined) + --port (optional – default is 514 if not specified) + --host (optional – default is localhost if not specified) + --eventtype (optional – default is cef if not specified) + --eps (optional – default is 100 if not specified) + Name of the file where we have same data is mandatory like python syslogfromcsv.py cef_fortigate_sample_data.csv + ``` + +## Additional information: + +### How to capture the original or raw data +We have several ways to capture the original data that comes from syslog devices and that is getting ingested into syslog-ng or rsyslog sever. One of the way is to capture the traces on syslog-ng or rsyslog server over 514 port. You can use the following command to captre the traffic into pacp file + + sudo tcpdump -s 0 -Ani any port 514 -vv -w /var/log/syslog.pcap + +![image](https://user-images.githubusercontent.com/10404181/171227166-a146f7e1-a27a-414e-9c68-bee23dee22a8.png) + +Once we have the pcap file, we can visualize the events using utility "tcpick" and export into readable format + + tcpick -C -yP -r syslog.pcap > sampledata.log + nano sampledata.log + +![image](https://user-images.githubusercontent.com/10404181/171228705-d1ef47c8-25ad-4016-9a5f-14aaa2a61c51.png) + + +You use the file sampledata.log further as input for this utility to replicate the data. + +### Log customizations: +While replaying the events, if you would like to customize any fields values (for example src must be one of the IPs from an array _[“23.2.3.42”,”78.3.78.2”,”34.98.0.9”]_ ) this comes handy. You just can mention the name of the field and desired values. 
Our script picks up the customizations and original values will be replaced with the custom values. + +For example, see below how the customization defiled – + + + "customizations":{ + "version":{"data_type":"Integer", "values": [0]}, + "deviceVendor": {"data_type":"String", "values": ["CISCO","JUNIPER","Fortinet","MSFT"]}, + "deviceProduct": {"data_type":"String", "values": ["Cortex","Vertex","Fortigate", "WSF"]}, + "deviceVersion": {"data_type":"String", "values": ["2","19","34"]}, + "signatureId": {"data_type":"String", "values": ["3.6.0.3","3.4.0.6","5.6.7.8","1.6.1.3","9.6.1.7","1.9.0.2","1.89.12.3","14.61.0.31","19.6.01.36"]}, + "name": {"data_type":"String", "values": ["Phishing","TROJAN_GIPPERS.DC","services-health","Monitoring"]}, + "severity": {"data_type":"Integer", "values": [1,2,3,4,5,6,7,8,9]}, + "deviceExternalId": {"data_type":"String", "values": ["FGVMEV9XTHSMYCCF","FGVMEV9XPDFRYYCCF","FGVMEV9XPEPFOCFR"]}, + "FTNTFGTlogid": {"data_type":"String", "values": ["0100026001","010004554","01566fjj56"]}, + "cat": {"data_type":"String", "values": ["event","alert","traffic"]}, + "direction": {"data_type":"String", "values": ["egress","ingress","in"]}, + "FTNTFGTsubtype": {"data_type":"String", "values": ["system"]}, + "origisationname": {"data_type":"String", "values": ["Fortigate","CISCO"]}, + "origin": {"data_type":"String", "values": ["NA","NULL",""]}, + "logid": {"data_type":"String", "values": ["562ed3w","dfdf564s","3455frs"]}, + "dst_country": {"data_type":"String", "values": ["US","Canada","Bhutan"]}, + "dst": {"data_type":"String", "values": ["67.21.32.78","201.32.13.56","76.62.201.10"]}, + "src": {"data_type":"String", "values": ["101.21.21.1","67.23.21.90","82.78.9.87"]}, + "ifname": {"data_type":"String", "values": ["eth0","eth1"]}, + "product": {"data_type":"String", "values": ["FortiWeb","Prisma","Fortigate", "WAF"]}, + "dpt": {"data_type":"Integer", "values": [1233, 3456, 6738]}, + "spt": {"data_type":"Integer", "values": 
[7837,8929,7832,8729]}, + "start": {"data_type":"datetime", "values": ["current"], "format":"%Y-%m-%d %H:%M:%S"}, + "end": {"data_type":"datetime", "values": ["current"], "format":"%Y-%m-%d %H:%M:%S"}, + "ISOTimeStamp": {"data_type":"datetime", "values": ["current"], "format":"%Y-%m-%d %H:%M:%S"} + } + + + Store above customizations into a json file as pass file name as an argument (--cust_file) as shown below + +When we have customizations defined, field values from sample events will be replaced by the custom values that are defined in this section. + +### Visualizing events: + + Coming soon + +### Troubleshooting: + + If you are not running this utility where we have LA agent installed and facing some issues, follow guidelines – + + https://dev.azure.com/SupportabilityWork/Azure Security/_wiki/wikis/Azure Sentinel CSS wiki/3822/CEF-Syslog-Step-by-Step-Troubleshooter + https://dev.azure.com/SupportabilityWork/Azure Security/_wiki/wikis/Azure Sentinel CSS wiki/1345/Syslog-Workflow-ASA-Check-Point-Syslog-Palo-Alto-Fortigate-Cisco-CEF + + If you are running locally (where we have LA forwarder installed) then you may not require to validate remote communication part of it, check other troubleshooting steps diff --git a/Tools/Syslog-cef-data-replicator/Sample Data/CiscoStealthWatchRaw.log b/Tools/Syslog-cef-data-replicator/Sample Data/CiscoStealthWatchRaw.log new file mode 100644 index 00000000000..f29c23ffa33 --- /dev/null +++ b/Tools/Syslog-cef-data-replicator/Sample Data/CiscoStealthWatchRaw.log 
@@ -0,0 +1,5 @@
+cisco.stealthwatch.test Stealthwatch|7.3|13|0x7C|src=10.243.54.38|dst=10.100.11.12|dstPort=784|proto=6|msg=A watched port number has become active.|fullmessage=IANA-Unassigned (784/tcp) from 10.100.11.12|start=2021-08-19T14:02:30Z|end=|cat=Watch Port Active|alarmID=3F-1F6B-86U2-YUUR-7|sourceHG=Country|targetHG=Catch All|sourceHostSnapshot=https://10.36.52.20/test-page/test.html#/host/10.243.54.38|targetHostSnapshot=https://10.36.52.20/landing-page/abc.html#/host/10.100.11.12|flowCollectorName=flow|flowCollectorIP=10.20.25.23|domain=abcd.example.test|exporterName=|exporterIPAddress =|exporterInfo=|targetUser=|targetHostname=|sourceUser=|alarmStatus=ACTIVE|alarmSev=Major
+cisco.stealthwatch.test Stealthwatch|7.3|99|0x7C|src=10.10.10.11|dst=10.237.198.22|dstPort=80|proto=6|msg=The host has been observed doing something bad to another host.|fullmessage=Source Host is http (80/tcp) client to target.host.name (10.237.198.22)|start=2021-08-19T08:48:34Z|end=2021-08-19T08:48:34Z|cat=Anomaly|alarmID=3Y-13Y1-QJJ2-YYA9-U|sourceHG=Department, Inside|targetHG=target, Outside|sourceHostSnapshot=https://10.10.10.20/some/path|targetHostSnapshot=https://10.10.10.20/some/path|flowCollectorName=Collector|flowCollectorIP=10.10.10.20|domain=Corporate Domain|exporterName=exporter.host.name|exporterIPAddress =10.20.30.40|exporterInfo=exporter.host.name (10.20.30.40)|targetUser=admin|targetHostname=www.host.test|sourceUser=admin|alarmStatus=ACTIVE|alarmSev=Critical
+cisco.stealthwatch.test Stealthwatch|7.3|99|0x7C|src=10.10.10.11|dst=10.237.198.22|dstPort=80|proto=6|msg=The host has been observed doing something bad to another host.|fullmessage=Source Host is http (80/tcp) client to target.host.name (10.237.198.22)|start=2021-08-19T12:09:27Z|end=2021-08-19T12:09:27Z|cat=Anomaly|alarmID=3Y-13Y1-QJJ2-YYA9-U|sourceHG=Department, Inside|targetHG=target, Outside|sourceHostSnapshot=https://10.10.10.20/some/path|targetHostSnapshot=https://10.10.10.20/some/path|flowCollectorName=Collector|flowCollectorIP=10.10.10.20|domain=Corporate Domain|exporterName=exporter.host.name|exporterIPAddress =10.20.30.40|exporterInfo=exporter.host.name (10.20.30.40)|targetUser=admin|targetHostname=www.host.test|sourceUser=admin|alarmStatus=ACTIVE|alarmSev=Critical
+cisco.stealthwatch.test Stealthwatch|7.3|99|0x7C|src=10.10.10.11|dst=10.237.198.22|dstPort=80|proto=6|msg=The host has been observed doing something bad to another host.|fullmessage=Source Host is http (80/tcp) client to target.host.name (10.237.198.22)|start=2021-08-19T13:19:27Z|end=2021-08-19T13:19:27Z|cat=Anomaly|alarmID=3Y-13Q1-QJJ2-YYA9-U|sourceHG=Department, Inside|targetHG=target, Outside|sourceHostSnapshot=https://10.10.10.20/some/path|targetHostSnapshot=https://10.10.10.20/some/path|flowCollectorName=Collector|flowCollectorIP=10.10.10.20|domain=Corporate Domain|exporterName=exporter.host.name|exporterIPAddress =10.20.30.40|exporterInfo=exporter.host.name (10.20.30.40)|targetUser=admin|targetHostname=www.demohost.test|sourceUser=admin|alarmStatus=ACTIVE|alarmSev=Critical
+cisco.stealthwatch.test Stealthwatch|7.3|13|0x7C|src=10.243.54.38|dst=10.100.11.12|dstPort=784|proto=6|msg=A watched port number has become active.|fullmessage=IANA-Unassigned (784/tcp) from 10.100.11.12|start=2021-08-19T14:12:30Z|end=|cat=Watch Port Active|alarmID=3X-1F6B-86B2-YQQR-7|sourceHG=Country|targetHG=Catch All|sourceHostSnapshot=https://10.36.52.20/test-page/test.html#/host/10.243.54.38|targetHostSnapshot=https://10.36.52.20/landing-page/abc.html#/host/10.100.11.12|flowCollectorName=flow|flowCollectorIP=10.20.25.23|domain=abcd.ab.example.com|exporterName=|exporterIPAddress =|exporterInfo=|targetUser=operator|targetHostname=|sourceUser=|alarmStatus=ACTIVE|alarmSev=Major
\ No newline at end of file
diff --git a/Tools/Syslog-cef-data-replicator/Sample Data/CiscoUcsSyslogRaw.log b/Tools/Syslog-cef-data-replicator/Sample Data/CiscoUcsSyslogRaw.log
new file mode 100644
index 00000000000..039c56029a5
--- /dev/null
+++ b/Tools/Syslog-cef-data-replicator/Sample Data/CiscoUcsSyslogRaw.log
@@ -0,0 +1,184 @@ +samplehost1-b.SAMPLE.com :2011 Apr 19 17:11:12 UTC: %UCSM-6-LOG_CAPACITY: [F0461][info][log-capacity][sys/chassis-1/blade-7/mgmt/log-SEL-0] Log capacity on Management Controller on server 1/7 is very-low +samplehost1-b.SAMPLE.com :2011 Apr 20 14:33:14 UTC: %UCSM-3-CONFIGURATION_FAILURE: [F0327][major][configuration-failure][org-root/ls-test] Service profile test configuration failed due to insufficient-resources,mac-address-assignment,system-uuid-as +samplehost1-b.SAMPLE.com :2011 Apr 20 20:50:25 UTC: %UCSM-3-THERMAL_PROBLEM: [F0382][major][thermal-problem][sys/chassis-1/fan-module-1-1] Fan module 1/1-1 temperature: lower-critical +samplehost1-b.SAMPLE.com :2011 Apr 20 14:33:14 UTC: %UCSM-5-UNASSOCIATED: [F0334][warning][unassociated][org-root/ls-test] Service profile test is not associated +samplehost1-b.SAMPLE.com :2011 Apr 22 16:53:18 UTC: %UCSM-6-EVENT: [E4195931][456249][transition][ucs-username\username][] [FSM:BEGIN]: Hard-reset server sys/chassis-1/blade-7(FSM:sam:dme:ComputePhysicalHardreset) +samplehost1-b.SAMPLE.com :2011 Apr 22 16:53:18 UTC: %UCSM-6-EVENT: [E4195931][456250][transition][ucs-username\username][] [FSM:STAGE:END]:(FSM-STAGE:sam:dme:ComputePhysicalHardreset:begin) +samplehost1-b.SAMPLE.com :2011 Apr 22 16:53:18 UTC: %UCSM-6-EVENT: [E4195932][456251][transition][ucs-username\username][] [FSM:STAGE:ASYNC]: Preparing to check hardware configuration server sys/chassis-1/blade-7(FSM-STAGE:sam:dme:ComputePhysicalHa +samplehost1-b.SAMPLE.com :2011 Apr 22 16:53:23 UTC: %UCSM-6-EVENT: [E4195932][456252][transition][internal][] [FSM:STAGE:STALE-SUCCESS]: Preparing to check hardware configuration server sys/chassis-1/blade-7(FSM-STAGE:sam:dme:ComputePhysicalHardres +samplehost1-b.SAMPLE.com :2011 Apr 22 16:53:23 UTC: %UCSM-6-EVENT: [E4195932][456253][transition][internal][] [FSM:STAGE:END]: Preparing to check hardware configuration server sys/chassis-1/blade-7(FSM-STAGE:sam:dme:ComputePhysicalHardreset:PreSani 
+samplehost1-b.SAMPLE.com :2011 Apr 25 18:27:01 UTC: %UCSM-6-EVENT: [E4196181][535831][transition][internal][] [FSM:END]: Hard-reset server sys/chassis-1/blade-7(FSM:sam:dme:ComputePhysicalHardreset) +samplehost2-b.SAMPLE.com :2020 Oct 23 06:37:20 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser1][deletion][web_15651_B][4580594][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-read-only][] User role read-only removed from +samplehost2-b.SAMPLE.com :2020 Oct 23 06:37:20 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser1][deletion][web_15651_B][4580594][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-read-only][] User role read-only removed from +samplehost2-b.SAMPLE.com :2020 Oct 23 06:37:20 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser1][deletion][web_15651_B][4580596][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-admin][] User role admin removed from +samplehost2-b.SAMPLE.com :2020 Oct 23 06:37:20 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser1][deletion][web_15651_B][4580596][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-admin][] User role admin removed from +samplehost3-a.SAMPLE.com :2020 Sep 23 23:17:19 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser2][deletion][web_36595_A][4085515][sys/user-ext/user-ucsc_sampleuser9/role-read-only][sys/user-ext/user-ucsc_sampleuser9/role-read-only][] User role read-only removed from +samplehost3-a.SAMPLE.com :2020 Sep 23 23:17:19 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser2][deletion][web_36595_A][4085515][sys/user-ext/user-ucsc_sampleuser9/role-read-only][sys/user-ext/user-ucsc_sampleuser9/role-read-only][] User role read-only removed from +samplehost3-a.SAMPLE.com :2020 Sep 23 23:17:19 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser2][deletion][web_36595_A][4085517][sys/user-ext/user-ucsc_sampleuser9/role-admin][sys/user-ext/user-ucsc_sampleuser9/role-admin][] User role admin removed from +samplehost3-a.SAMPLE.com :2020 Sep 23 23:17:19 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser2][deletion][web_36595_A][4085517][sys/user-ext/user-ucsc_sampleuser9/role-admin][sys/user-ext/user-ucsc_sampleuser9/role-admin][] User role admin removed from +samplehost4-a.SAMPLE.com :2020 Sep 9 03:17:01 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser3][deletion][web_26994_A][16891539][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][] User role read-only removed from +samplehost4-a.SAMPLE.com :2020 Sep 9 03:17:01 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser3][deletion][web_26994_A][16891539][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][] User role read-only removed from +samplehost4-a.SAMPLE.com :2020 Sep 9 03:17:01 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser3][deletion][web_26994_A][16891541][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][] User role admin removed from +samplehost4-a.SAMPLE.com :2020 Sep 9 03:17:01 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser3][deletion][web_26994_A][16891541][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][] User role admin removed from +samplehost5-b.SAMPLE.com :2020 Sep 9 19:54:04 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser1][deletion][web_55303_B][4231806][sys/user-ext/user-ucsc_sampleuser5/role-read-only][sys/user-ext/user-ucsc_sampleuser5/role-read-only][] User role read-only removed from +samplehost5-b.SAMPLE.com :2020 Sep 9 19:54:04 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser1][deletion][web_55303_B][4231806][sys/user-ext/user-ucsc_sampleuser5/role-read-only][sys/user-ext/user-ucsc_sampleuser5/role-read-only][] User role read-only removed from +samplehost5-b.SAMPLE.com :2020 Sep 9 19:54:04 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser1][deletion][web_55303_B][4231808][sys/user-ext/user-ucsc_sampleuser5/role-admin][sys/user-ext/user-ucsc_sampleuser5/role-admin][] User role admin removed from +samplehost5-b.SAMPLE.com :2020 Sep 9 19:54:04 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser1][deletion][web_55303_B][4231808][sys/user-ext/user-ucsc_sampleuser5/role-admin][sys/user-ext/user-ucsc_sampleuser5/role-admin][] User role admin removed from +samplehost5-b.SAMPLE.com :2020 Sep 9 19:53:38 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser1][deletion][web_55303_B][4231758][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-read-only][] User role read-only removed from +samplehost5-b.SAMPLE.com :2020 Sep 9 19:53:38 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser1][deletion][web_55303_B][4231758][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-read-only][] User role read-only removed from +samplehost5-b.SAMPLE.com :2020 Sep 9 19:53:38 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser1][deletion][web_55303_B][4231760][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-admin][] User role admin removed from +samplehost5-b.SAMPLE.com :2020 Sep 9 19:53:38 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser1][deletion][web_55303_B][4231760][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-admin][] User role admin removed from +samplehost55-a.SAMPLE.com :2020 Sep 4 08:31:11 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser4][deletion][web_15495_A][29063828][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][] User role read-only removed from +samplehost55-a.SAMPLE.com :2020 Sep 4 08:31:11 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_15495_A][29063828][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][] User role read-only removed from +samplehost55-a.SAMPLE.com :2020 Sep 4 08:31:11 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_15495_A][29063830][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][] User role admin removed from +samplehost55-a.SAMPLE.com :2020 Sep 4 08:31:11 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_15495_A][29063830][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][] User role admin removed from +samplehost55-a.SAMPLE.com :2020 Sep 4 08:32:49 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_15495_A][29063957][sys/user-ext/user-ucsc_sampleuser12/role-read-only][sys/user-ext/user-ucsc_sampleuser12/role-read-only][] User role read-only removed from +samplehost55-a.SAMPLE.com :2020 Sep 4 08:32:49 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_15495_A][29063957][sys/user-ext/user-ucsc_sampleuser12/role-read-only][sys/user-ext/user-ucsc_sampleuser12/role-read-only][] User role read-only removed from +samplehost55-a.SAMPLE.com :2020 Sep 4 08:31:55 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_15495_A][29063849][sys/user-ext/user-ucsc_sampleuser78/role-read-only][sys/user-ext/user-ucsc_sampleuser78/role-read-only][] User role read-only removed from +samplehost55-a.SAMPLE.com :2020 Sep 4 08:31:55 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser4][deletion][web_15495_A][29063851][sys/user-ext/user-ucsc_sampleuser78/role-admin][sys/user-ext/user-ucsc_sampleuser78/role-admin][] User role admin removed from +samplehost55-a.SAMPLE.com :2020 Sep 4 08:31:55 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_15495_A][29063849][sys/user-ext/user-ucsc_sampleuser78/role-read-only][sys/user-ext/user-ucsc_sampleuser78/role-read-only][] User role read-only removed from +samplehost55-a.SAMPLE.com :2020 Sep 4 08:31:55 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_15495_A][29063851][sys/user-ext/user-ucsc_sampleuser78/role-admin][sys/user-ext/user-ucsc_sampleuser78/role-admin][] User role admin removed from +samplehost55-a.SAMPLE.com :2020 Sep 4 08:32:33 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_15495_A][29063942][sys/user-ext/user-ucsc_sampleuser99/role-read-only][sys/user-ext/user-ucsc_sampleuser99/role-read-only][] User role read-only removed from +samplehost55-a.SAMPLE.com :2020 Sep 4 08:32:33 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_15495_A][29063942][sys/user-ext/user-ucsc_sampleuser99/role-read-only][sys/user-ext/user-ucsc_sampleuser99/role-read-only][] User role read-only removed from +samplehost55-a.SAMPLE.com :2020 Sep 4 08:32:33 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_15495_A][29063944][sys/user-ext/user-ucsc_sampleuser99/role-admin][sys/user-ext/user-ucsc_sampleuser99/role-admin][] User role admin removed from +samplehost55-a.SAMPLE.com :2020 Sep 4 08:32:33 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_15495_A][29063944][sys/user-ext/user-ucsc_sampleuser99/role-admin][sys/user-ext/user-ucsc_sampleuser99/role-admin][] User role admin removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:32 GMT: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528675][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][] User role read-only removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:32 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528675][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][] User role read-only removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:32 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528677][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][] User role admin removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:32 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528677][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][] User role admin removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:38 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528690][sys/user-ext/user-ucsc_sampleuser13/role-read-only][sys/user-ext/user-ucsc_sampleuser13/role-read-only][] User role read-only removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:38 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528690][sys/user-ext/user-ucsc_sampleuser13/role-read-only][sys/user-ext/user-ucsc_sampleuser13/role-read-only][] User role read-only removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:38 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528692][sys/user-ext/user-ucsc_sampleuser13/role-admin][sys/user-ext/user-ucsc_sampleuser13/role-admin][] User role admin removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:38 GMT: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528692][sys/user-ext/user-ucsc_sampleuser13/role-admin][sys/user-ext/user-ucsc_sampleuser13/role-admin][] User role admin removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:43 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528705][sys/user-ext/user-ucsc_sampleuser11/role-read-only][sys/user-ext/user-ucsc_sampleuser11/role-read-only][] User role read-only removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:43 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528705][sys/user-ext/user-ucsc_sampleuser11/role-read-only][sys/user-ext/user-ucsc_sampleuser11/role-read-only][] User role read-only removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:43 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528707][sys/user-ext/user-ucsc_sampleuser11/role-admin][sys/user-ext/user-ucsc_sampleuser11/role-admin][] User role admin removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:43 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528707][sys/user-ext/user-ucsc_sampleuser11/role-admin][sys/user-ext/user-ucsc_sampleuser11/role-admin][] User role admin removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:49 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528720][sys/user-ext/user-ucsc_sampleuser19/role-read-only][sys/user-ext/user-ucsc_sampleuser19/role-read-only][] User role read-only removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:49 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528720][sys/user-ext/user-ucsc_sampleuser19/role-read-only][sys/user-ext/user-ucsc_sampleuser19/role-read-only][] User role read-only removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:49 GMT: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528722][sys/user-ext/user-ucsc_sampleuser19/role-admin][sys/user-ext/user-ucsc_sampleuser19/role-admin][] User role admin removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:49 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528722][sys/user-ext/user-ucsc_sampleuser19/role-admin][sys/user-ext/user-ucsc_sampleuser19/role-admin][] User role admin removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:56 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528735][sys/user-ext/user-ucsc_sampleuser156/role-read-only][sys/user-ext/user-ucsc_sampleuser156/role-read-only][] User role read-only removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:56 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528735][sys/user-ext/user-ucsc_sampleuser156/role-read-only][sys/user-ext/user-ucsc_sampleuser156/role-read-only][] User role read-only removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:56 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528737][sys/user-ext/user-ucsc_sampleuser156/role-admin][sys/user-ext/user-ucsc_sampleuser156/role-admin][] User role admin removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:29:56 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528737][sys/user-ext/user-ucsc_sampleuser156/role-admin][sys/user-ext/user-ucsc_sampleuser156/role-admin][] User role admin removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:30:02 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528750][sys/user-ext/user-ucsc_sampleuser99/role-read-only][sys/user-ext/user-ucsc_sampleuser99/role-read-only][] User role read-only removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:30:02 GMT: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528750][sys/user-ext/user-ucsc_sampleuser99/role-read-only][sys/user-ext/user-ucsc_sampleuser99/role-read-only][] User role read-only removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:30:02 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528752][sys/user-ext/user-ucsc_sampleuser99/role-admin][sys/user-ext/user-ucsc_sampleuser99/role-admin][] User role admin removed from +samplehost46-b.SAMPLE.com :2020 Sep 15 06:30:02 GMT: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser4][deletion][web_48720_B][4528752][sys/user-ext/user-ucsc_sampleuser99/role-admin][sys/user-ext/user-ucsc_sampleuser99/role-admin][] User role admin removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:13:59 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531116][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-read-only][] User role read-only removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:13:59 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531116][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-read-only][] User role read-only removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:13:59 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531118][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-admin][] User role admin removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:13:59 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531118][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-admin][] User role admin removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:13:59 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531119][sys/user-ext/user-ucsc_sampleuser9/role-read-only][sys/user-ext/user-ucsc_sampleuser9/role-read-only][] User role read-only removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:13:59 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531119][sys/user-ext/user-ucsc_sampleuser9/role-read-only][sys/user-ext/user-ucsc_sampleuser9/role-read-only][] User role read-only removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:13:59 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531121][sys/user-ext/user-ucsc_sampleuser9/role-admin][sys/user-ext/user-ucsc_sampleuser9/role-admin][] User role admin removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:13:59 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531121][sys/user-ext/user-ucsc_sampleuser9/role-admin][sys/user-ext/user-ucsc_sampleuser9/role-admin][] User role admin removed from +samplehost22-b.SAMPLE.com :2020 Sep 25 14:26:05 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_9400_B][60654984][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][] User role read-only removed from +samplehost22-b.SAMPLE.com :2020 Sep 25 14:26:05 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_9400_B][60654984][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][] User role read-only removed from +samplehost22-b.SAMPLE.com :2020 Sep 25 14:26:05 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_9400_B][60654986][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][] User role admin removed from +samplehost22-b.SAMPLE.com :2020 Sep 25 14:26:05 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser5][deletion][web_9400_B][60654986][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][] User role admin removed from +samplehost79-a.SAMPLE.com :2020 Sep 25 14:30:09 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_43977_A][3966999][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][] User role read-only removed from +samplehost79-a.SAMPLE.com :2020 Sep 25 14:30:09 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_43977_A][3966999][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][] User role read-only removed from +samplehost79-a.SAMPLE.com :2020 Sep 25 14:30:09 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_43977_A][3967001][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][] User role admin removed from +samplehost79-a.SAMPLE.com :2020 Sep 25 14:30:09 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_43977_A][3967001][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][] User role admin removed from +samplehost79-a.SAMPLE.com :2020 Sep 25 14:30:09 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_43977_A][3967002][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][] User role read-only removed from +samplehost79-a.SAMPLE.com :2020 Sep 25 14:30:09 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_43977_A][3967002][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][] User role read-only removed from +samplehost79-a.SAMPLE.com :2020 Sep 25 14:30:09 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser5][deletion][web_43977_A][3967004][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][] User role admin removed from +samplehost79-a.SAMPLE.com :2020 Sep 25 14:30:09 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_43977_A][3967004][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][] User role admin removed from +samplehost87-a.SAMPLE.com :2020 Sep 25 14:21:13 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_14687_A][28253771][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][] User role read-only removed from +samplehost87-a.SAMPLE.com :2020 Sep 25 14:21:13 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_14687_A][28253771][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][] User role read-only removed from +samplehost87-a.SAMPLE.com :2020 Sep 25 14:21:13 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_14687_A][28253773][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][] User role admin removed from +samplehost87-a.SAMPLE.com :2020 Sep 25 14:21:13 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_14687_A][28253773][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][] User role admin removed from +samplehost87-a.SAMPLE.com :2020 Sep 25 14:21:13 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_14687_A][28253774][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][] User role read-only removed from +samplehost87-a.SAMPLE.com :2020 Sep 25 14:21:13 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser5][deletion][web_14687_A][28253774][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][] User role read-only removed from +samplehost87-a.SAMPLE.com :2020 Sep 25 14:21:13 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_14687_A][28253776][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][] User role admin removed from +samplehost87-a.SAMPLE.com :2020 Sep 25 14:21:13 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_14687_A][28253776][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][] User role admin removed from +samplehost87-a.SAMPLE.com :2020 Sep 25 14:21:13 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_14687_A][28253777][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][] User role read-only removed from +samplehost87-a.SAMPLE.com :2020 Sep 25 14:21:13 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_14687_A][28253777][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][] User role read-only removed from +samplehost87-a.SAMPLE.com :2020 Sep 25 14:21:13 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_14687_A][28253779][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][] User role admin removed from +samplehost87-a.SAMPLE.com :2020 Sep 25 14:21:13 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_14687_A][28253779][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][] User role admin removed from +samplehost0-b.SAMPLE.com :2020 Sep 25 14:23:44 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser5][deletion][web_196_B][27961582][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][] User role read-only removed from +samplehost0-b.SAMPLE.com :2020 Sep 25 14:23:44 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_196_B][27961582][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][] User role read-only removed from +samplehost0-b.SAMPLE.com :2020 Sep 25 14:23:44 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_196_B][27961584][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][] User role admin removed from +samplehost0-b.SAMPLE.com :2020 Sep 25 14:23:44 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_196_B][27961584][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][] User role admin removed from +samplehost0-b.SAMPLE.com :2020 Sep 25 14:23:44 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_196_B][27961585][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser1/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser1/role-read-only][] User role read-only removed from +samplehost0-b.SAMPLE.com :2020 Sep 25 14:23:44 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_196_B][27961585][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser1/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser1/role-read-only][] User role read-only removed from +samplehost0-b.SAMPLE.com :2020 Sep 25 14:23:44 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_196_B][27961587][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser1/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser1/role-admin][] User role admin removed from +samplehost0-b.SAMPLE.com :2020 Sep 25 14:23:44 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser5][deletion][web_196_B][27961587][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser1/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser1/role-admin][] User role admin removed from +samplehost0-b.SAMPLE.com :2020 Sep 25 14:23:44 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_196_B][27961588][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][] User role read-only removed from +samplehost0-b.SAMPLE.com :2020 Sep 25 14:23:44 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_196_B][27961588][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][] User role read-only removed from +samplehost0-b.SAMPLE.com :2020 Sep 25 14:23:44 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_196_B][27961590][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][] User role admin removed from +samplehost0-b.SAMPLE.com :2020 Sep 25 14:23:44 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_196_B][27961590][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][] User role admin removed from +samplehost0-b.SAMPLE.com :2020 Sep 25 14:23:44 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_196_B][27961591][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][] User role read-only removed from +samplehost0-b.SAMPLE.com :2020 Sep 25 14:23:44 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_196_B][27961591][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][] User role read-only removed from +samplehost0-b.SAMPLE.com :2020 Sep 25 14:23:44 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser5][deletion][web_196_B][27961593][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][] User role admin removed from +samplehost0-b.SAMPLE.com :2020 Sep 25 14:23:44 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_196_B][27961593][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][] User role admin removed from +samplehost11-b.SAMPLE.com :2020 Sep 25 14:24:06 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_42702_B][27098003][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][] User role read-only removed from +samplehost11-b.SAMPLE.com :2020 Sep 25 14:24:06 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_42702_B][27098003][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][] User role read-only removed from +samplehost11-b.SAMPLE.com :2020 Sep 25 14:24:06 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_42702_B][27098005][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][] User role admin removed from +samplehost11-b.SAMPLE.com :2020 Sep 25 14:24:06 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_42702_B][27098005][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][] User role admin removed from +samplehost11-b.SAMPLE.com :2020 Sep 25 14:24:06 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_42702_B][27098006][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][] User role read-only removed from +samplehost11-b.SAMPLE.com :2020 Sep 25 14:24:06 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser5][deletion][web_42702_B][27098006][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-read-only][] User role read-only removed from +samplehost11-b.SAMPLE.com :2020 Sep 25 14:24:06 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_42702_B][27098008][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][] User role admin removed from +samplehost11-b.SAMPLE.com :2020 Sep 25 14:24:06 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_42702_B][27098008][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser3/role-admin][] User role admin removed from +samplehost1-b.SAMPLE.com :2020 Sep 25 14:01:58 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_17218_B][4420928][sys/user-ext/user-ucsc_anjali.aggarwal/role-read-only][sys/user-ext/user-ucsc_anjali.aggarwal/role-read-only][] User role read-only removed from +samplehost1-b.SAMPLE.com :2020 Sep 25 14:01:58 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_17218_B][4420928][sys/user-ext/user-ucsc_anjali.aggarwal/role-read-only][sys/user-ext/user-ucsc_anjali.aggarwal/role-read-only][] User role read-only removed from +samplehost1-b.SAMPLE.com :2020 Sep 25 14:01:58 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_17218_B][4420930][sys/user-ext/user-ucsc_anjali.aggarwal/role-admin][sys/user-ext/user-ucsc_anjali.aggarwal/role-admin][] User role admin removed from +samplehost1-b.SAMPLE.com :2020 Sep 25 14:01:58 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_17218_B][4420930][sys/user-ext/user-ucsc_anjali.aggarwal/role-admin][sys/user-ext/user-ucsc_anjali.aggarwal/role-admin][] User role admin removed from +samplehost1-b.SAMPLE.com :2020 Sep 25 14:01:06 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser5][deletion][web_17218_B][4420875][sys/user-ext/user-ucsc_sampleuser7/role-read-only][sys/user-ext/user-ucsc_sampleuser7/role-read-only][] User role read-only removed from +samplehost1-b.SAMPLE.com :2020 Sep 25 14:01:06 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_17218_B][4420875][sys/user-ext/user-ucsc_sampleuser7/role-read-only][sys/user-ext/user-ucsc_sampleuser7/role-read-only][] User role read-only removed from +samplehost1-b.SAMPLE.com :2020 Sep 25 14:01:06 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_17218_B][4420877][sys/user-ext/user-ucsc_sampleuser7/role-admin][sys/user-ext/user-ucsc_sampleuser7/role-admin][] User role admin removed from +samplehost1-b.SAMPLE.com :2020 Sep 25 14:01:06 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_17218_B][4420877][sys/user-ext/user-ucsc_sampleuser7/role-admin][sys/user-ext/user-ucsc_sampleuser7/role-admin][] User role admin removed from +samplehost1-b.SAMPLE.com :2020 Sep 25 14:01:16 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_17218_B][4420888][sys/user-ext/user-ucsc_sampleuser131/role-read-only][sys/user-ext/user-ucsc_sampleuser131/role-read-only][] User role read-only removed from +samplehost1-b.SAMPLE.com :2020 Sep 25 14:01:16 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_17218_B][4420888][sys/user-ext/user-ucsc_sampleuser131/role-read-only][sys/user-ext/user-ucsc_sampleuser131/role-read-only][] User role read-only removed from +samplehost1-b.SAMPLE.com :2020 Sep 25 14:01:16 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_17218_B][4420890][sys/user-ext/user-ucsc_sampleuser131/role-admin][sys/user-ext/user-ucsc_sampleuser131/role-admin][] User role admin removed from +samplehost1-b.SAMPLE.com :2020 Sep 25 14:01:16 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser5][deletion][web_17218_B][4420890][sys/user-ext/user-ucsc_sampleuser131/role-admin][sys/user-ext/user-ucsc_sampleuser131/role-admin][] User role admin removed from +samplehost113-a.SAMPLE.com :2020 Sep 25 14:11:56 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_36531_A][4399696][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-read-only][] User role read-only removed from +samplehost113-a.SAMPLE.com :2020 Sep 25 14:11:56 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_36531_A][4399696][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-read-only][] User role read-only removed from +samplehost113-a.SAMPLE.com :2020 Sep 25 14:11:56 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_36531_A][4399698][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-admin][] User role admin removed from +samplehost113-a.SAMPLE.com :2020 Sep 25 14:11:56 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_36531_A][4399698][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser1/role-admin][] User role admin removed from +samplehost1-b.SAMPLE.com :2020 Sep 25 14:01:38 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_17218_B][4420907][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][] User role read-only removed from +samplehost1-b.SAMPLE.com :2020 Sep 25 14:01:38 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_17218_B][4420907][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][] User role read-only removed from +samplehost1-b.SAMPLE.com :2020 Sep 25 14:01:38 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser5][deletion][web_17218_B][4420909][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][] User role admin removed from +samplehost1-b.SAMPLE.com :2020 Sep 25 14:01:38 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_17218_B][4420909][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][] User role admin removed from +samplehost039-b.SAMPLE.com :2020 Sep 25 13:43:37 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser6][deletion][web_39657_B][10776771][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser5/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser5/role-read-only][] User role read-only removed from +samplehost039-b.SAMPLE.com :2020 Sep 25 13:43:37 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser6][deletion][web_39657_B][10776771][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser5/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser5/role-read-only][] User role read-only removed from +samplehost039-b.SAMPLE.com :2020 Sep 25 13:43:37 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser6][deletion][web_39657_B][10776773][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser5/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser5/role-admin][] User role admin removed from +samplehost039-b.SAMPLE.com :2020 Sep 25 13:43:37 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser6][deletion][web_39657_B][10776773][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser5/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser5/role-admin][] User role admin removed from +samplehost039-b.SAMPLE.com :2020 Sep 25 13:43:31 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser6][deletion][web_39657_B][10776758][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][] User role read-only removed from +samplehost039-b.SAMPLE.com :2020 Sep 25 13:43:31 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser6][deletion][web_39657_B][10776758][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][] User role read-only removed from +samplehost039-b.SAMPLE.com :2020 Sep 25 13:43:31 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser6][deletion][web_39657_B][10776760][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][] User role admin removed from +samplehost039-b.SAMPLE.com :2020 Sep 25 13:43:31 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser6][deletion][web_39657_B][10776760][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][] User role admin removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531057][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][] User role read-only removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531057][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-read-only][] User role read-only removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531059][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][] User role admin removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531059][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser9/role-admin][] User role admin removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531060][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][] User role read-only removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531060][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-read-only][] User role read-only removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531062][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][] User role admin removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531062][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][sys/user-ext/user-ucsc_ucs-SAMPLE\testuser7/role-admin][] User role admin removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531063][sys/user-ext/user-ucsc_sampleuser131/role-read-only][sys/user-ext/user-ucsc_sampleuser131/role-read-only][] User role read-only removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531063][sys/user-ext/user-ucsc_sampleuser131/role-read-only][sys/user-ext/user-ucsc_sampleuser131/role-read-only][] User role read-only removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531065][sys/user-ext/user-ucsc_sampleuser131/role-admin][sys/user-ext/user-ucsc_sampleuser131/role-admin][] User role admin removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531065][sys/user-ext/user-ucsc_sampleuser131/role-admin][sys/user-ext/user-ucsc_sampleuser131/role-admin][] User role admin removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531066][sys/user-ext/user-ucsc_sampleuser7/role-read-only][sys/user-ext/user-ucsc_sampleuser7/role-read-only][] User role read-only removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531066][sys/user-ext/user-ucsc_sampleuser7/role-read-only][sys/user-ext/user-ucsc_sampleuser7/role-read-only][] User role read-only removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531068][sys/user-ext/user-ucsc_sampleuser7/role-admin][sys/user-ext/user-ucsc_sampleuser7/role-admin][] User role admin removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531068][sys/user-ext/user-ucsc_sampleuser7/role-admin][sys/user-ext/user-ucsc_sampleuser7/role-admin][] User role admin removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531069][sys/user-ext/user-ucsc_sampleuser6/role-read-only][sys/user-ext/user-ucsc_sampleuser6/role-read-only][] User role read-only removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531069][sys/user-ext/user-ucsc_sampleuser6/role-read-only][sys/user-ext/user-ucsc_sampleuser6/role-read-only][] User role read-only removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531071][sys/user-ext/user-ucsc_sampleuser6/role-admin][sys/user-ext/user-ucsc_sampleuser6/role-admin][] User role admin removed from +samplehost75-b.SAMPLE.com :2020 Sep 25 14:06:21 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_48657_B][4531071][sys/user-ext/user-ucsc_sampleuser6/role-admin][sys/user-ext/user-ucsc_sampleuser6/role-admin][] User role admin removed from +samplehost113-a.SAMPLE.com :2020 Sep 25 14:08:19 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_36531_A][4399655][sys/user-ext/user-ucsc_sampleuser4/role-read-only][sys/user-ext/user-ucsc_sampleuser4/role-read-only][] User role read-only removed from +samplehost113-a.SAMPLE.com :2020 Sep 25 14:08:19 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_36531_A][4399655][sys/user-ext/user-ucsc_sampleuser4/role-read-only][sys/user-ext/user-ucsc_sampleuser4/role-read-only][] User role read-only removed from +samplehost113-a.SAMPLE.com :2020 Sep 25 14:08:19 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_36531_A][4399657][sys/user-ext/user-ucsc_sampleuser4/role-admin][sys/user-ext/user-ucsc_sampleuser4/role-admin][] User role admin removed from +samplehost113-a.SAMPLE.com :2020 Sep 25 14:08:19 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_36531_A][4399657][sys/user-ext/user-ucsc_sampleuser4/role-admin][sys/user-ext/user-ucsc_sampleuser4/role-admin][] User role admin removed from +samplehost1-b.SAMPLE.com :2020 Sep 25 14:13:24 UTC: %UCSM-6-AUDIT: [admin][ucs-SAMPLE\testuser5][deletion][web_17218_B][4421020][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser3/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser3/role-read-only][] User role read-only removed from +samplehost1-b.SAMPLE.com :2020 Sep 25 14:13:24 UTC: %UCSM-6-AUDIT: 
[admin][ucs-SAMPLE\testuser5][deletion][web_17218_B][4421020][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser3/role-read-only][sys/user-ext/user-ucsc_ucs-SAMPLE\sampleuser3/role-read-only][] User role read-only removed from
+samplehost1-b.SAMPLE.com :2011 May 15 10:19:14 UTC: %UCSM-6-AUDIT: [session][internal][creation][] Web B: remote user ibm logged in from 172.25.206.73
+samplehost1-b.SAMPLE.com :2011 Apr 22 16:53:18 UTC: %UCSM-6-AUDIT: [admin][ucs-username\username][modification][] server 1/7 power-cycle/reset action requested: hard-reset-immediate
+samplehost1-b.SAMPLE.com :2011 Apr 20 14:33:14 UTC: %UCSM-6-AUDIT: [admin][username][creation][] service profile test created
+samplehost1-b.SAMPLE.com :2011 Apr 20 14:33:14 UTC: %UCSM-6-AUDIT: [admin][username][creation][] service profile Power MO created
+samplehost1-b.SAMPLE.com :2011 Apr 20 14:33:14 UTC: %UCSM-6-AUDIT: [admin][username][creation][] Ether vnic eth1 created
+samplehost1-b.SAMPLE.com :2011 Apr 20 14:33:14 UTC: %UCSM-6-AUDIT: [admin][username][creation][] Ethernet interface created
\ No newline at end of file
diff --git a/Tools/Syslog-cef-data-replicator/Sample Data/CyclaneProtectRaw.log b/Tools/Syslog-cef-data-replicator/Sample Data/CyclaneProtectRaw.log
new file mode 100644
index 00000000000..df70769c070
--- /dev/null
+++ b/Tools/Syslog-cef-data-replicator/Sample Data/CyclaneProtectRaw.log
@@ -0,0 +1,172 @@
+Nov 30 15:11:16 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST002, Agent Version: 2.1.1570.35, IP Address: (172.78.212.98), MAC Address: (000D3AF980E0), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Server - Pilot,Device Type - Server)
+Nov 30 15:25:49 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST013, Agent Version: 2.1.1570.35, IP Address: (10.91.6.156), MAC Address: (005056A67CA5), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Server)
+Dec 1 05:51:03 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST015, Agent Version: 2.1.1570.35, IP Address: (192.74.86.110), MAC Address: (000D3AFD44E9), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - SCCM,Device Type - Server,Feature - Server - PS Alert)
+Nov 30 15:21:17 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST017, Agent Version: 2.1.1570.35, IP Address: (10.96.27.133), MAC Address: (000D3A06935A), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Server - Pilot,Device Type - Server)
+Nov 30 15:23:57 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST018, Agent Version: 2.1.1570.35, IP Address: (172.181.208.227), MAC Address: (000D3AC4CC48), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Server - Pilot,Device Type - Server)
+Nov 30 15:26:44 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: 
TESTHOST019, Agent Version: 2.1.1570.35, IP Address: (172.6.233.128), MAC Address: (000D3A066CD7), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Server - Test) +Nov 30 15:10:38 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST020, Agent Version: 2.1.1570.35, IP Address: (172.14.66.111), MAC Address: (000D3A075019), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Server - Pilot,Device Type - Server) +Nov 30 15:07:46 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST021, Agent Version: 2.1.1570.35, IP Address: (10.8.158.124), MAC Address: (000D3A063728), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Server - Pilot,Device Type - Server) +Nov 30 15:10:07 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST022, Agent Version: 2.1.1570.35, IP Address: (172.5.183.231), MAC Address: (000D3A6CCF96), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Server - Pilot,Device Type - Server) +Nov 30 15:24:39 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST027, Agent Version: 2.1.1570.35, IP Address: (10.21.58.30), MAC Address: (000D3A6D2B86), Logged On Users: (), OS: Microsoft Windows Server 2016 Datacenter x64 10.0.14393, Zone Names: (Agent Update - Server - Pilot,Device Type - Server) +Nov 30 15:10:48 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST028, Agent Version: 2.1.1570.35, IP Address: (192.127.186.235), MAC Address: (000D3A6CC547), Logged On Users: (), OS: Microsoft Windows Server 2016 Datacenter x64 10.0.14393, Zone Names: (Agent Update - Server - Pilot,Device Type - Server) +Nov 30 15:09:39 sysloghost 
CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST051, Agent Version: 2.1.1570.35, IP Address: (172.238.7.184), MAC Address: (005056B65266), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Server) +Nov 30 15:16:58 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST053, Agent Version: 2.1.1570.35, IP Address: (172.108.69.116, 172.108.69.116), MAC Address: (0050569E1E17, 0050569E3A12), Logged On Users: (), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Server) +Nov 30 15:31:01 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST096, Agent Version: 2.0.1540.8, IP Address: (192.194.55.131), MAC Address: (005056A93938), Logged On Users: (), OS: Microsoft Windows Server 2008 R2 Enterprise Service Pack 1 x64 6.1.7601, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Server) +Nov 30 15:16:50 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST097, Agent Version: 2.1.1570.35, IP Address: (192.73.195.248), MAC Address: (A4C3F07D995C), Logged On Users: (), OS: Microsoft Windows 10 Enterprise x64 10.0.18362, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3) +Nov 30 15:30:16 sysloghost CylancePROTECT Event Type: Device, Event Name: Registration, Device Name: TESTHOST098, Zone Names: (), Device Id: 543f158c-92f0-4522-a812-cf8c4ac2cb68 +Nov 30 15:15:41 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST016, Agent Version: 2.1.1570.35, IP Address: (172.226.54.246), MAC Address: (000D3A064939), Logged On Users: (ABC\test-user64, 
ABC\test-user64, ABC\test-user73), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Server) +Nov 30 15:29:03 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST042, Agent Version: 2.1.1570.35, IP Address: (172.220.154.28, 172.220.154.28), MAC Address: (005056AFAFDB, 005056B795E6), Logged On Users: (ABC\test-user1, ABC\test-user1, ABC\test-user6), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Server) +Nov 30 15:21:13 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST093, Agent Version: 2.1.1570.35, IP Address: (192.32.39.102), MAC Address: (005056946B28), Logged On Users: (ABC\test-user9, ABC\test-user9, ABC\test-user76), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server) +Nov 30 15:22:30 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST014, Agent Version: 2.1.1570.35, IP Address: (172.102.50.154), MAC Address: (00505693B372), Logged On Users: (ABC\test-user10, ABC\test-user64), OS: Microsoft Windows Server 2012 R2 Standard x64 6.3.9600, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Domain Controller,Device Type - Server) +Dec 1 05:47:23 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST092, Agent Version: 2.1.1570.35, IP Address: (192.158.242.229), MAC Address: (00505691257B), Logged On Users: (ABC\test-user79, ABC\test-user79, ABC\test-user79, ABC\test-user79, ABC\test-user79, ABC\test-user79, ABC\test-user79, ABC\test-user79, ABC\test-user79, ABC\test-user79, ABC\test-user79, ABC\test-user79, ABC\test-user79, ABC\test-user79, 
ABC\test-user79, ABC\test-user79, ABC\test-user79), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server) +Nov 30 15:27:28 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST026, Agent Version: 2.1.1570.35, IP Address: (10.180.236.210), MAC Address: (000D3AF7E10D), Logged On Users: (ABC\test-user71), OS: Microsoft Windows Server 2016 Datacenter x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server) +Dec 1 01:39:29 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST055, Agent Version: 2.1.1570.35, IP Address: (172.124.156.17), MAC Address: (005056B83FD4), Logged On Users: (ABC\test-user51, ABC\test-user99), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Server) +Nov 30 15:26:02 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST037, Agent Version: 2.1.1570.35, IP Address: (192.142.81.80), MAC Address: (00505693F53D), Logged On Users: (ABC\test-user23, ABC\test-user23, ABC\test-user23, ABC\test-user23, ABC\test-user23, ABC\test-user23, ABC\test-user23, ABC\test-user23, ABC\test-user46), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server) +Nov 30 15:16:47 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST052, Agent Version: 2.1.1570.35, IP Address: (172.151.40.70, 172.151.40.70, 172.151.40.70), MAC Address: (005056AF49C3, 005056AFAE88), Logged On Users: (ABC\test-user64), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Server) +Nov 30 15:30:17 sysloghost CylancePROTECT Event Type: 
Device, Event Name: SystemSecurity, Device Name: TESTHOST098, Agent Version: 2.0.1540.8, IP Address: (192.149.65.111), MAC Address: (AC675D2DC72E), Logged On Users: (ABC\test-user54), OS: Microsoft Windows 10 Enterprise x64 10.0.18362, Zone Names: () +Dec 1 01:40:46 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST039, Agent Version: 2.1.1570.35, IP Address: (192.11.148.202), MAC Address: (005056915861), Logged On Users: (ABC\test-user66, ABC\test-user66, ABC\test-user66, ABC\test-user66, ABC\test-user66, ABC\test-user66, ABC\test-user66, ABC\test-user66, ABC\test-user66, ABC\test-user66, ABC\test-user66, ABC\test-user66, ABC\test-user66, ABC\test-user66, ABC\test-user66, ABC\test-user67), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server) +Nov 30 15:16:49 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST095, Agent Version: 2.1.1570.35, IP Address: (172.221.230.67), MAC Address: (005056B32A96), Logged On Users: (ABC\test-user31), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Server) +Nov 30 15:18:40 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST030, Agent Version: 2.1.1570.35, IP Address: (10.104.9.10), MAC Address: (005056933BD4), Logged On Users: (ABC\test-user34, ABC\test-user13), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server) +Nov 30 15:20:45 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST034, Agent Version: 2.1.1570.35, IP Address: (172.200.248.14), MAC Address: (00505694997A), Logged On Users: (ABC\test-user14, ABC\test-user33), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone 
Names: (Agent Update - Windows - Production 3,Device Type - Server) +Dec 1 01:42:33 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST076, Agent Version: 2.1.1570.35, IP Address: (192.99.243.163), MAC Address: (E4B97A9E137F), Logged On Users: (ABC\test-user82), OS: Microsoft Windows 10 Enterprise x64 10.0.18362, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation) +Nov 30 15:26:28 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST023, Agent Version: 2.1.1570.35, IP Address: (172.216.25.3), MAC Address: (000D3AF9D827), Logged On Users: (ABC\test-user58, ABC\test-user58, ABC\test-user58, ABC\test-user35), OS: Microsoft Windows Server 2016 Datacenter x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server) +Nov 30 15:18:04 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST024, Agent Version: 2.1.1570.35, IP Address: (192.134.249.181), MAC Address: (000D3A6CBB38), Logged On Users: (ABC\test-user13), OS: Microsoft Windows Server 2016 Datacenter x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server) +Nov 30 15:30:50 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST077, Agent Version: 2.1.1570.35, IP Address: (192.25.50.96), MAC Address: (3C6AA7EEE1B1), Logged On Users: (ABC\test-user43), OS: Microsoft Windows 10 Enterprise x64 10.0.17134, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation) +Nov 30 15:26:32 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST097, Agent Version: 2.1.1570.35, IP Address: (192.45.245.206), MAC Address: (A4C3F07D995C), Logged On Users: (ABC\test-user61), OS: Microsoft Windows 10 Enterprise x64 10.0.18362, Zone Names: (Agent Update - 
Windows - Production 1,Agent Update - Windows - Production 3) +Nov 30 15:27:04 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST036, Agent Version: 2.1.1570.35, IP Address: (172.252.219.141), MAC Address: (00505694BB32), Logged On Users: (ABC\test-user80), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 3,Device Type - Server) +Nov 30 15:16:01 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST094, Agent Version: 2.1.1570.35, IP Address: (10.183.182.220), MAC Address: (E4B97ADED880), Logged On Users: (ABC\test-user83), OS: Microsoft Windows 10 Enterprise x64 10.0.18362, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation) +Dec 1 05:51:02 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST001, Agent Version: 2.1.1570.35, IP Address: (10.96.28.112), MAC Address: (000D3AFB93B1), Logged On Users: (ABC\test-user29), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Server - Pilot,Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Server) +Nov 30 15:19:18 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST003, Agent Version: 2.1.1570.35, IP Address: (192.241.117.213), MAC Address: (000D3A6DB3DB), Logged On Users: (ABC\test-user68, ABC\test-user34), OS: Microsoft Windows Server 2016 Standard x64 10.0.14393, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Server) +Dec 1 05:46:41 sysloghost CylancePROTECT Event Type: Device, Event Name: SystemSecurity, Device Name: TESTHOST044, Agent Version: 2.1.1570.35, IP Address: (10.219.183.227), MAC Address: (98E743762FFB), Logged On Users: (ABC\test-user39), OS: Microsoft Windows 10 Enterprise x64 10.0.18362, 
Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation) +Nov 30 19:37:40 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST004, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: b85f5b3e-396d-4169-a6e4-ab889fbc91d5, Policy Name: Server - CyberArk PSM +Nov 30 14:58:35 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST004, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: b85f5b3e-396d-4169-a6e4-ab889fbc91d5, Policy Name: Server - CyberArk PSM +Dec 1 04:59:23 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST005, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 528781a1-76ab-4de9-8cab-507cf95a3732, Policy Name: Server - CyberArk PSM +Nov 30 19:43:54 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, 
Device Name: TESTHOST005, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 528781a1-76ab-4de9-8cab-507cf95a3732, Policy Name: Server - CyberArk PSM +Nov 30 14:56:02 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST005, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 528781a1-76ab-4de9-8cab-507cf95a3732, Policy Name: Server - CyberArk PSM +Dec 1 01:45:08 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST006, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 0eb59bed-1f14-49c6-ae71-afbabd271d88, Policy Name: Server - CyberArk PSM +Nov 30 22:39:45 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST006, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, 
Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 0eb59bed-1f14-49c6-ae71-afbabd271d88, Policy Name: Server - CyberArk PSM +Nov 30 19:34:28 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST006, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 0eb59bed-1f14-49c6-ae71-afbabd271d88, Policy Name: Server - CyberArk PSM +Nov 30 14:56:17 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST006, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 0eb59bed-1f14-49c6-ae71-afbabd271d88, Policy Name: Server - CyberArk PSM +Nov 30 22:40:28 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST007, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User 
Name: SYSTEM, Device Id: e85980e1-a699-49c7-948c-fe02233a9d3e, Policy Name: Server - CyberArk PSM +Nov 30 19:44:45 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST007, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: e85980e1-a699-49c7-948c-fe02233a9d3e, Policy Name: Server - CyberArk PSM +Nov 30 19:34:24 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST007, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: e85980e1-a699-49c7-948c-fe02233a9d3e, Policy Name: Server - CyberArk PSM +Nov 30 14:55:23 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST007, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: e85980e1-a699-49c7-948c-fe02233a9d3e, Policy Name: Server - CyberArk PSM +Dec 1 04:59:45 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: 
TESTHOST008, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: b09e87b2-ef29-4d58-8dfa-0cbadc586492, Policy Name: Server - CyberArk PSM +Nov 30 19:43:03 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST008, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: b09e87b2-ef29-4d58-8dfa-0cbadc586492, Policy Name: Server - CyberArk PSM +Nov 30 14:55:03 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST008, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: b09e87b2-ef29-4d58-8dfa-0cbadc586492, Policy Name: Server - CyberArk PSM +Nov 30 19:36:09 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST009, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter 
Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 2162b721-2d89-4f4e-b8d5-cda0944d5ac3, Policy Name: Server - CyberArk PSM +Nov 30 14:57:12 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST009, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 2162b721-2d89-4f4e-b8d5-cda0944d5ac3, Policy Name: Server - CyberArk PSM +Nov 30 19:38:07 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST010, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 1282f8b1-f930-478b-9f1b-3eb3266234e2, Policy Name: Server - CyberArk PSM +Nov 30 14:59:56 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST010, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: 
SYSTEM, Device Id: 1282f8b1-f930-478b-9f1b-3eb3266234e2, Policy Name: Server - CyberArk PSM +Nov 30 19:41:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 122240\860\CPUUsagePercent..., SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SVC-CLD-om_saa, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert +Nov 30 19:36:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 122240\860\CPUUsagePercent..., SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SVC-CLD-om_saa, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert +Nov 30 14:56:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 
'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 122240\860\CPUUsagePercent..., SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SVC-CLD-om_saa, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert +Nov 30 19:41:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 122244\3239\CPUUsagePercen..., SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SVC-ENT-SCOM-SA, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert +Nov 30 19:36:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 122244\3239\CPUUsagePercen..., SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, 
Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SVC-ENT-SCOM-SA, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert +Nov 30 14:56:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 122244\3239\CPUUsagePercen..., SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SVC-ENT-SCOM-SA, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert +Nov 30 14:51:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 122244\3239\CPUUsagePercen..., SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: 
SVC-ENT-SCOM-SA, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert +Dec 1 01:45:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] & 'C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 122241\4354\LogEndToEndEvent.ps1', SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SYSTEM, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert +Nov 30 15:00:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] & 'C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 122241\4354\LogEndToEndEvent.ps1', SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SYSTEM, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert +Nov 30 14:57:59 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST011, File Path: [*COMMAND*] $ep = get-executionpolicy; if ($ep -gt 'RemoteSigned') {set-executionpolicy -Scope Process remotesigned} & 'C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 
122246\162203\GeneralAlway..., SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,App - Server - Additional Exclusions,Device Type - Server,Feature - Server - AS Alert), User Name: SYSTEM, Device Id: a12029ff-7342-447e-9d39-ab33bd33a4d9, Policy Name: Server - Standard - Additional Exclusions-AS Alert +Dec 1 01:45:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST012, File Path: [*COMMAND*] & 'C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 47\2476\LogEndToEndEvent.ps1', SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Server), User Name: SYSTEM, Device Id: f9655770-6ef8-45fe-8d88-76eca1e61f7c, Policy Name: Server - Standard - Additional Exclusions-AS Alert +Nov 30 15:00:00 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST012, File Path: [*COMMAND*] & 'C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 47\2476\LogEndToEndEvent.ps1', SHA256: fe9b64defd8bf214c7490bb7f35b495a79a95e81f8943ee279dc99998d3d3440, Interpreter: Powershell, Interpreter Version: 6.3.9600.17396 (winblue_r4.141007-2030), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Server), User Name: SYSTEM, Device Id: f9655770-6ef8-45fe-8d88-76eca1e61f7c, Policy Name: Server - Standard - Additional Exclusions-AS Alert +Dec 1 03:39:02 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST02, External Device 
Type: iOS, External Device Vendor ID: 05AC, External Device Name: PTP, External Device Product ID: 12A8, External Device Serial Number: 4fcdd14febe17ba6c72754dfc6070a1f200565ed, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3), Device Id: 77532117-72a1-4902-ac28-7b4a3bb2356f, Policy Name: Default +Dec 1 06:25:16 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST024, External Device Type: WPD, External Device Vendor ID: 22D9, External Device Name: SDM665-IDP _SN:6B1261F1, External Device Product ID: 2764, External Device Serial Number: 6b1261f1, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 595ad5ae-93bf-411a-a15a-2b95157b262d, Policy Name: Workstation - Standard +Dec 1 03:14:22 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST024, External Device Type: USBCDDVDRW, External Device Vendor ID: 22D9, External Device Name: Linux File-CD Gadget USB Device, External Device Product ID: 2773, External Device Serial Number: a526966e, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 595ad5ae-93bf-411a-a15a-2b95157b262d, Policy Name: Workstation - Standard +Nov 30 15:00:02 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Alert, Device Name: TESTHOST025, File Path: d:\madhu\act\backupreport.ps1, SHA256: FCB3BF73261922F8923D135D34FC6C2A30571AA1AB098773E6B5442D48D813B3, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 3,App - Server - SCCM,Device Type - Server), User Name: SVC-ENT-SCORCH, Device Id: 4f61c1cd-4abb-42cc-993b-a0b5066adfdb, Policy Name: Server - SCCM - PS Alert +Nov 30 14:55:51 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: 
TESTHOST029, IP Address: (172.202.226.155), File Name: MBX@496C@3AD1B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user84, SHA256: 179698933DD6368A735FCCCE6113CDCA24DEECBD17DB1E44B872D8E2F001425B, MD5: 9A551F53B059AB4165A5CAB670BF9092, Status: Quarantined, Cylance Score: 69, Found Date: 11/30/2020 2:55:51 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:55:51 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (192.194.26.152), File Name: MBX@496C@3AD1B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user32, SHA256: 179698933DD6368A735FCCCE6113CDCA24DEECBD17DB1E44B872D8E2F001425B, MD5: 9A551F53B059AB4165A5CAB670BF9092, Status: Quarantined, Cylance Score: 69, Found Date: 11/30/2020 2:55:52 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:51:46 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (172.176.21.17), File Name: MBX@20CC@31B1B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user85, SHA256: 9A60C0D3897FD1EC03899F876AE27E1BFE9E872B79D6881579DFB0A4A6D09D42, MD5: D2EC4BD891175BB7725626497B90F09A, 
Status: Quarantined, Cylance Score: 63, Found Date: 11/30/2020 2:51:46 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:51:46 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (172.6.81.93), File Name: MBX@20CC@31B1B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user81, SHA256: 9A60C0D3897FD1EC03899F876AE27E1BFE9E872B79D6881579DFB0A4A6D09D42, MD5: D2EC4BD891175BB7725626497B90F09A, Status: Quarantined, Cylance Score: 63, Found Date: 11/30/2020 2:51:46 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:50:26 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (172.135.133.117), File Name: MBX@41E8@3A01B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user90, SHA256: 95312004B3C192E450485B1485C736438EAA8E12752E3BCE3FEFEEFE6D93E0B7, MD5: FAB721168E94399032EF962BC57EC86B, Status: Quarantined, Cylance Score: 68, Found Date: 11/30/2020 2:50:26 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: 
False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:50:26 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (192.79.71.98), File Name: MBX@41E8@3A01B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user4, SHA256: 95312004B3C192E450485B1485C736438EAA8E12752E3BCE3FEFEEFE6D93E0B7, MD5: FAB721168E94399032EF962BC57EC86B, Status: Quarantined, Cylance Score: 68, Found Date: 11/30/2020 2:50:26 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:50:10 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (172.105.153.25), File Name: MBX@1E38@3A71B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user8, SHA256: 67BD12CE95ECEE1EFD315D076D8C772C8998F409A49D6F26773AA5849BFD7EBF, MD5: 0CBF6CCD73AB58DEA565AD41C32ECA8D, Status: Quarantined, Cylance Score: 68, Found Date: 11/30/2020 2:50:10 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:50:10 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: 
(172.112.111.163), File Name: MBX@1E38@3A71B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user97, SHA256: 67BD12CE95ECEE1EFD315D076D8C772C8998F409A49D6F26773AA5849BFD7EBF, MD5: 0CBF6CCD73AB58DEA565AD41C32ECA8D, Status: Quarantined, Cylance Score: 68, Found Date: 11/30/2020 2:50:10 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:49:35 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (192.147.148.170), File Name: MBX@52DC@39D1B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user57, SHA256: 4344B4702D544149C0C60729125E822E6D60A187302F13D772B4D85976B02AC9, MD5: 3EE72502F87F904A5655F0A2E469FE7A, Status: Quarantined, Cylance Score: 61, Found Date: 11/30/2020 2:49:35 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:49:35 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (192.53.226.60), File Name: MBX@165C@39C1B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user46, SHA256: 6D0B5495D362C7C32A6C1994B1C2D49C48824DA098DC1FFBBEC753202EB0C3A9, MD5: A15493287808F1E706C0DB6401C56CA5, Status: Quarantined, 
Cylance Score: 52, Found Date: 11/30/2020 2:49:36 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:49:35 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (172.94.76.244), File Name: MBX@52DC@39D1B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user23, SHA256: 4344B4702D544149C0C60729125E822E6D60A187302F13D772B4D85976B02AC9, MD5: 3EE72502F87F904A5655F0A2E469FE7A, Status: Quarantined, Cylance Score: 61, Found Date: 11/30/2020 2:49:36 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:49:35 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (10.64.26.18), File Name: MBX@165C@39C1B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user62, SHA256: 6D0B5495D362C7C32A6C1994B1C2D49C48824DA098DC1FFBBEC753202EB0C3A9, MD5: A15493287808F1E706C0DB6401C56CA5, Status: Quarantined, Cylance Score: 52, Found Date: 11/30/2020 2:49:35 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To 
Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:49:21 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (10.227.72.213), File Name: MBX@4468@3A51B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user65, SHA256: 7E4DA5AAEF09B09138C84BC4D06B2BE7F92B4069A58077A044135A6406C86547, MD5: 1219CD69638731CDCADE5E3C0A83096C, Status: Quarantined, Cylance Score: 61, Found Date: 11/30/2020 2:49:21 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:49:21 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (172.59.214.243), File Name: MBX@4C08@3B21B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user23, SHA256: DDA6C2D271953EC588D522F0D06AC5972D496EC945062DFDB5A4568B153DDC19, MD5: 995CED34B4AC46B1147A476D5EFD1C6C, Status: Quarantined, Cylance Score: 64, Found Date: 11/30/2020 2:49:22 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:49:21 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (172.163.87.136), File 
Name: MBX@4468@3A51B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user74, SHA256: 7E4DA5AAEF09B09138C84BC4D06B2BE7F92B4069A58077A044135A6406C86547, MD5: 1219CD69638731CDCADE5E3C0A83096C, Status: Quarantined, Cylance Score: 61, Found Date: 11/30/2020 2:49:22 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:49:21 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (10.207.4.239), File Name: MBX@4C08@3B21B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user41, SHA256: DDA6C2D271953EC588D522F0D06AC5972D496EC945062DFDB5A4568B153DDC19, MD5: 995CED34B4AC46B1147A476D5EFD1C6C, Status: Quarantined, Cylance Score: 64, Found Date: 11/30/2020 2:49:21 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: ExecutionControl, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:16:23 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (172.236.96.225), File Name: MBX@2970@3B21B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user26, SHA256: 173F59A7141AC5AF2A2B225DB3E8DCFD1C9F041B008506D821428A1DFA368AE0, MD5: 68AD7C10B9700251F5A266DD4822FAD9, Status: Quarantined, Cylance Score: 66, 
Found Date: 11/30/2020 2:16:23 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:16:23 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (172.52.253.151), File Name: MBX@2970@3B21B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user72, SHA256: 173F59A7141AC5AF2A2B225DB3E8DCFD1C9F041B008506D821428A1DFA368AE0, MD5: 68AD7C10B9700251F5A266DD4822FAD9, Status: Quarantined, Cylance Score: 66, Found Date: 11/30/2020 2:16:24 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:15:49 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (172.101.81.70), File Name: MBX@4994@3A01B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user13, SHA256: 75B92660B6EB4FB1B848CC08CBB591CEF729FAA02C43086DD3B88494B75FD004, MD5: CC01091318C86C6A8FFA1150B7BE7F17, Status: Quarantined, Cylance Score: 68, Found Date: 11/30/2020 2:15:49 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat 
Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:15:49 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (192.209.112.91), File Name: MBX@4994@3A01B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user63, SHA256: 75B92660B6EB4FB1B848CC08CBB591CEF729FAA02C43086DD3B88494B75FD004, MD5: CC01091318C86C6A8FFA1150B7BE7F17, Status: Quarantined, Cylance Score: 68, Found Date: 11/30/2020 2:15:49 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:15:37 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (10.159.74.31), File Name: MBX@2CE8@3991B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user39, SHA256: 1093CECFE64612EF7EFBC3F91A94C899FA8BEE45529403669385CF2DF0ED1435, MD5: 1AAFDAD28E362C660770B9E14971092C, Status: Quarantined, Cylance Score: 55, Found Date: 11/30/2020 2:15:37 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:15:37 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (172.51.242.31), File Name: MBX@2CE8@3991B30.###, Path: 
C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user67, SHA256: 1093CECFE64612EF7EFBC3F91A94C899FA8BEE45529403669385CF2DF0ED1435, MD5: 1AAFDAD28E362C660770B9E14971092C, Status: Quarantined, Cylance Score: 55, Found Date: 11/30/2020 2:15:37 PM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:15:26 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST029, IP Address: (172.217.224.140), File Name: MBX@18A4@3B31B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user75, SHA256: 3D3FA86221DFB7CF844678AC0C1BE2128C3C48EB01EBEA27BDC8EC758FE8EA7B, MD5: 72738F84DA72B5D399F48CBFC8DC0646, Status: Quarantined, Cylance Score: 62, Found Date: 11/30/2020 2:15:26 PM, File Type: Executable, Is Running: True, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +Nov 30 14:15:26 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST029, IP Address: (192.187.18.183), File Name: MBX@18A4@3B31B30.###, Path: C:\Users\testuser\AppData\Local\Temp\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user56, SHA256: 3D3FA86221DFB7CF844678AC0C1BE2128C3C48EB01EBEA27BDC8EC758FE8EA7B, MD5: 72738F84DA72B5D399F48CBFC8DC0646, Status: Quarantined, Cylance Score: 62, Found Date: 11/30/2020 2:15:27 PM, File Type: 
Executable, Is Running: False, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 333b84cb-5eb3-4733-b57b-5a17d06f8043, Policy Name: Workstation - Standard +{"AV Industry": "N/A", "Access Time": "11/30/2020 2:48:59 PM", "Auto Run": "False", "Cert Issuer": "N/A", "Cert Publisher": "N/A", "Cert Subject": "N/A", "Cert Timestamp": "N/A", "Classification": "N/A", "Company Name": "N/A", "Copyright": "N/A", "Create Time": "11/30/2020 2:48:59 PM", "Cylance Score": "64", "Description": "N/A", "Detected By": "Execution Control", "DeviceName": "TESTHOST029", "Drive Type": "Internal Hard Drive", "Ever Run": "True", "File Name": "MBX@4C08@3B21B30.###", "File Owner": "ABC\\testuser", "File Path": "C:\\Users\\testuser\\AppData\\Local\\Temp\\MBX@4C08@3B21B30.###", "File Size (bytes)": "2048", "File Status": "quarantined", "File Version": "N/A", "First Found": "11/30/2020 2:49:22 PM", "Global Quarantined": "No", "Last Found": "11/30/2020 9:09:24 PM", "MD5": "995CED34B4AC46B1147A476D5EFD1C6C", "Modification Time": "11/30/2020 2:48:59 PM", "Product Name": "N/A", "Running": "False", "SHA256": "DDA6C2D271953EC588D522F0D06AC5972D496EC945062DFDB5A4568B153DDC19", "Safelisted": "No", "Serial Number": "333b84cb-5eb3-4733-b57b-5a17d06f8043", "Signature Status": "No Signature", "Signed": "False", "Tenant": "ABC"} +{"AV Industry": "N/A", "Access Time": "11/30/2020 2:51:15 PM", "Auto Run": "False", "Cert Issuer": "N/A", "Cert Publisher": "N/A", "Cert Subject": "N/A", "Cert Timestamp": "N/A", "Classification": "N/A", "Company Name": "N/A", "Copyright": "N/A", "Create Time": "11/30/2020 2:51:15 PM", "Cylance Score": "63", "Description": "N/A", "Detected By": "Execution Control", "DeviceName": "TESTHOST029", "Drive Type": "Internal Hard Drive", "Ever Run": "True", "File Name": 
"MBX@20CC@31B1B30.###", "File Owner": "ABC\\testuser", "File Path": "C:\\Users\\testuser\\AppData\\Local\\Temp\\MBX@20CC@31B1B30.###", "File Size (bytes)": "2048", "File Status": "quarantined", "File Version": "N/A", "First Found": "11/30/2020 2:51:46 PM", "Global Quarantined": "No", "Last Found": "11/30/2020 9:09:24 PM", "MD5": "D2EC4BD891175BB7725626497B90F09A", "Modification Time": "11/30/2020 2:51:15 PM", "Product Name": "N/A", "Running": "False", "SHA256": "9A60C0D3897FD1EC03899F876AE27E1BFE9E872B79D6881579DFB0A4A6D09D42", "Safelisted": "No", "Serial Number": "333b84cb-5eb3-4733-b57b-5a17d06f8043", "Signature Status": "No Signature", "Signed": "False", "Tenant": "ABC"} +Dec 1 06:59:09 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST031, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: MTP, External Device Product ID: 6860, External Device Serial Number: RF8N803A8ZF, Zone Names: (Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 813bf0db-8ca7-4bf9-9e1d-fee184966915, Policy Name: Workstation - Standard +Dec 1 11:27:29 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST031, External Device Type: StillImage, External Device Vendor ID: 04B8, External Device Name: EPSON Scanner, External Device Product ID: 1120, External Device Serial Number: 583334513330303874, Zone Names: (Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: ee93884c-6d4b-4cfb-bac9-e0316ace2623, Policy Name: Workstation - Standard +Nov 30 14:57:31 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST032, File Path: c:\temp\configmgrclienthealth.ps1, SHA256: DABCF29974F6629FB4FF1250AA5C631AD5EF60BB8A2B9E08E9ADEF45054DE7FD, Interpreter: Powershell, Interpreter Version: 10.0.18362.1 (WinBuild.160101.0800), Zone Names: (Agent Update - Windows - Production 3,Device Type - 
Workstation), User Name: SYSTEM, Device Id: 49a3d5b3-e7e5-4e9f-ae9c-14ce3dd2103d, Policy Name: Workstation - Standard +Dec 1 04:34:04 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST032, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: SAMSUNG_Android, External Device Product ID: 6860, External Device Serial Number: RR8N706DT7M, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: e26831c7-7b54-4518-9e3e-7187b16bcd2f, Policy Name: Workstation - Standard +Nov 30 15:02:04 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST033 was auto assigned to Zone: Agent Update - Windows - Production 3, User: +Nov 30 15:02:04 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST033 was auto assigned to Zone: Device Type - Workstation, User: +Dec 1 05:04:04 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST036, External Device Type: StillImage, External Device Vendor ID: 03F0, External Device Name: HP Scanjet scanner, External Device Product ID: 4605, External Device Serial Number: CN33EBB03005, Zone Names: (Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 597e7723-9369-4152-b500-2ca5049a0c46, Policy Name: Workstation - Standard +Dec 1 07:38:21 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST039, External Device Type: iOS, External Device Vendor ID: 05AC, External Device Name: PTP, External Device Product ID: 12A8, External Device Serial Number: c8c4c84eb4b7964b5c4de04188d15f26660e50cf, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: a5e87aad-ded3-4b11-a836-e59145221283, Policy Name: Workstation - Standard +Dec 1 00:36:29 
sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST039, IP Address: (192.47.54.117), File Name: trainer.exe, Path: W:\Temp_7_days\Sugi\SONGS A\Barat By Artist II\MIX\mytrdcas13t2.zip|, Drive Type: Internal Hard Drive, File Owner: BUILTIN\Administrators, SHA256: 66332B486BEFC96ED5CBE7D024D70D72D6C243C8A0E17BDC06379BB7FEA1E9E2, MD5: 640BC20A74E46F7DD1184EA844466FD3, Status: Quarantined, Cylance Score: 100, Found Date: 12/1/2020 12:36:29 AM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,App - Server - File and Print,Device Type - Server), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 67414f46-a4eb-4956-93b5-b3e7cb0163ad, Policy Name: Server - File and Print +Dec 1 00:35:54 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST039, IP Address: (192.191.126.229), File Name: trainer.exe, Path: W:\Temp_7_days\Sugi\SONGS A\Barat By Artist II\MIX\I-RDCQT9.ZIP|, Drive Type: Internal Hard Drive, File Owner: BUILTIN\Administrators, SHA256: CDDDEBBC7A102EB672C835148F7A2A00EB69B7CA904194D96CF0F0EBC4182B46, MD5: 954EFC4E835C897A0D17427559669EE4, Status: Quarantined, Cylance Score: 82, Found Date: 12/1/2020 12:35:54 AM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,App - Server - File and Print,Device Type - Server), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 67414f46-a4eb-4956-93b5-b3e7cb0163ad, Policy Name: Server - File and Print +Nov 21 10:19:03 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST04, IP Address: (192.225.89.38, 192.225.89.38), File Name: sapdsigner, Path: 
/act/mnt/Staging_3233658/usr/sap/hostctrl_25July2020/exe/, Drive Type: Internal Hard Drive, SHA256: 0DD9CC9174EE03F858ED65F3B5969AA702B658801A3FD5B1590DE04C98C7BEBD, MD5: 8B613D1D1BF0CEEF4F0EF0034D4EF97D, Status: Quarantined, Cylance Score: 36, Found Date: 10/23/2020 3:58:06 PM, File Type: LinuxExe, Is Running: True, Auto Run: False, Detected By: FileWatcher, Zone Names: (Device Type - Linux Server - SAP), Is Malware: False, Is Unique To Cylance: True, Threat Classification: Trusted - Local, Device Id: 9475effa-1e3d-411a-b35a-650d73ec6042, Policy Name: Linux Server - SAP - MP Term +Nov 21 10:19:03 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_changed, Device Name: TESTHOST04, IP Address: (10.3.2.247, 10.3.2.247), File Name: sapdsigner, Path: /act/mnt/Staging_3233658/usr/sap/hostctrl_25July2020/exe/, Drive Type: Internal Hard Drive, SHA256: 0DD9CC9174EE03F858ED65F3B5969AA702B658801A3FD5B1590DE04C98C7BEBD, MD5: 8B613D1D1BF0CEEF4F0EF0034D4EF97D, Status: Quarantined, Cylance Score: 36, Found Date: 10/23/2020 3:58:06 PM, File Type: LinuxExe, Is Running: False, Auto Run: False, Detected By: FileWatcher, Zone Names: (Device Type - Linux Server - SAP), Is Malware: False, Is Unique To Cylance: True, Threat Classification: Trusted - Local, Device Id: 9475effa-1e3d-411a-b35a-650d73ec6042, Policy Name: Linux Server - SAP - MP Term +Nov 30 19:42:42 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST040, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 6d4fd7e0-6e44-4b5d-af04-49025c271b8f, Policy Name: Server - CyberArk PSM +Nov 30 14:52:05 sysloghost 
CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST040, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 6d4fd7e0-6e44-4b5d-af04-49025c271b8f, Policy Name: Server - CyberArk PSM +Dec 1 04:07:05 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST041, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: MTP, External Device Product ID: 6860, External Device Serial Number: RZ8NB035NRB, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: cd1e0df9-c479-46e7-94ef-45a2f92633e8, Policy Name: Workstation - Standard +Dec 1 04:05:54 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST041, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: MTP, External Device Product ID: 6860, External Device Serial Number: RZ8NB035NRB, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: cd1e0df9-c479-46e7-94ef-45a2f92633e8, Policy Name: Workstation - Standard +Dec 1 04:05:47 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST041, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: MTP, External Device Product ID: 6860, External Device Serial Number: RZ8NB035NRB, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: cd1e0df9-c479-46e7-94ef-45a2f92633e8, Policy 
Name: Workstation - Standard +Dec 1 04:05:34 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST041, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: MTP, External Device Product ID: 6860, External Device Serial Number: RZ8NB035NRB, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: cd1e0df9-c479-46e7-94ef-45a2f92633e8, Policy Name: Workstation - Standard +Dec 1 04:58:29 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST041, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 2fee477f-a855-475f-b690-989dd1ec9023, Policy Name: Server - CyberArk PSM +Nov 30 19:37:46 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST041, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 2fee477f-a855-475f-b690-989dd1ec9023, Policy Name: Server - CyberArk PSM +Nov 30 14:57:33 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST041, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: 
Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,App - Server - CyberArk PSM,Device Type - Server), User Name: SYSTEM, Device Id: 2fee477f-a855-475f-b690-989dd1ec9023, Policy Name: Server - CyberArk PSM +Dec 1 07:23:21 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST042, External Device Type: WPD, External Device Vendor ID: 2717, External Device Name: MI MAX, External Device Product ID: FF40, External Device Serial Number: fdd9f00d, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 9d4732ac-1c0c-49c0-946a-59e76264c55d, Policy Name: Workstation - Standard +Dec 1 07:23:13 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST042, External Device Type: WPD, External Device Vendor ID: 2717, External Device Name: MI MAX, External Device Product ID: FF40, External Device Serial Number: fdd9f00d, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 9d4732ac-1c0c-49c0-946a-59e76264c55d, Policy Name: Workstation - Standard +Dec 1 00:10:41 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST043 was auto assigned to Zone: Agent Update - Windows - Production 1, User: +Dec 1 00:10:41 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST043 was auto assigned to Zone: Agent Update - Windows - Production 3, User: +Dec 1 00:10:40 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST043 was auto assigned to Zone: Device Type - Workstation, User: +Dec 1 03:36:28 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST051, External Device Type: iOS, 
External Device Vendor ID: 05AC, External Device Name: PTP, External Device Product ID: 12A8, External Device Serial Number: 00008020001E09320212002E, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 4b8097b0-b0dd-4b0e-a324-f2a1376a2d83, Policy Name: Workstation - Standard +Dec 1 07:22:15 sysloghost CylancePROTECT Event Type: Threat, Event Name: threat_quarantined, Device Name: TESTHOST054, IP Address: (192.246.12.75), File Name: Updater.exe, Path: F:\pcdatabackup\Documenttt\GEM4D 64-bit July 2020\GEM4D 64-bit\, Drive Type: Internal Hard Drive, File Owner: ABC\test-user82, SHA256: 1B03974B34C9B6A18C3F2235BA2380BE402338E2263AD52C31C53F1815AE29D0, MD5: E0AE01B2B652C359F39EED10FF084172, Status: Quarantined, Cylance Score: 84, Found Date: 12/1/2020 7:22:15 AM, File Type: Executable, Is Running: False, Auto Run: False, Detected By: FileWatcher, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,App - Server - File and Print,Device Type - Server), Is Malware: False, Is Unique To Cylance: False, Threat Classification: UNCLASSIFIED, Device Id: 55db412c-b8e5-4a1e-a8c3-f54947f6ccc4, Policy Name: Server - File and Print_PCN +Dec 1 04:46:44 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST055 was auto assigned to Zone: Agent Update - Windows - Production 3, User: +Dec 1 04:46:44 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST055 was auto assigned to Zone: Device Type - Workstation, User: +Dec 1 04:46:44 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST055 was auto assigned to Zone: Agent Update - Windows - Production 1, User: +Dec 1 04:35:49 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST056, External Device Type: WPD, External Device Vendor ID: 22D9, External 
Device Name: CPH1819, External Device Product ID: 2764, External Device Serial Number: SKJ7V46HEY9SR8FU, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: bbd8dd87-334b-4852-ba0c-305b34cb16c5, Policy Name: Workstation - Standard +Dec 1 05:56:26 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST066, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: MTP, External Device Product ID: 6860, External Device Serial Number: 2130c4650c017ece, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 93a66b18-a878-4b07-be62-31e1755b038f, Policy Name: Workstation - Standard +Dec 1 05:54:58 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST066, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: MTP, External Device Product ID: 6860, External Device Serial Number: 2130c4650c017ece, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 93a66b18-a878-4b07-be62-31e1755b038f, Policy Name: Workstation - Standard +Dec 1 05:54:50 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST066, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: MTP, External Device Product ID: 6860, External Device Serial Number: 2130c4650c017ece, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 93a66b18-a878-4b07-be62-31e1755b038f, Policy Name: Workstation - Standard +Dec 1 04:16:53 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST073, External Device Type: USBDrive, External Device Vendor ID: 0781, External Device Name: SanDisk 
Cruzer Edge USB Device, External Device Product ID: 556B, External Device Serial Number: 4C530199950409122492, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 9961d21d-c10e-473f-935b-825cc50c89c6, Policy Name: Workstation - Standard +Dec 1 07:19:21 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST076, External Device Type: WPD, External Device Vendor ID: 2D95, External Device Name: vivo 1920, External Device Product ID: 6004, External Device Serial Number: daf0e808, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 172b00c7-5f41-4b08-8852-329acf45756b, Policy Name: Workstation - Standard +Dec 1 07:06:59 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST076, External Device Type: WPD, External Device Vendor ID: 2D95, External Device Name: vivo 1920, External Device Product ID: 6004, External Device Serial Number: daf0e808, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 172b00c7-5f41-4b08-8852-329acf45756b, Policy Name: Workstation - Standard +Dec 1 07:06:52 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST076, External Device Type: WPD, External Device Vendor ID: 2D95, External Device Name: vivo 1920, External Device Product ID: 6002, External Device Serial Number: daf0e808, Zone Names: (Agent Update - Windows - Production 1,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 172b00c7-5f41-4b08-8852-329acf45756b, Policy Name: Workstation - Standard +{"AV Industry": "Threat", "Access Time": "11/25/2020 8:39:46 PM", "Auto Run": "False", "Cert Issuer": "DigiCert SHA2 Assured ID Code Signing CA", "Cert Publisher": "Byte Technologies LLC", "Cert Subject": "Byte 
Technologies LLC", "Cert Timestamp": "N/A", "Classification": "N/A", "Company Name": "Byte Technologies LLC", "Copyright": "Copyright \u00a9 2018 Byte Technologies LLC", "Create Time": "11/25/2020 8:39:46 PM", "Cylance Score": "100", "Description": "ByteFence Anti-Malware Scanner", "Detected By": "File Watcher", "DeviceName": "TESTHOST087", "Drive Type": "Internal Hard Drive", "Ever Run": "False", "File Name": "ByteFenceScan.exe", "File Owner": "NT AUTHORITY\\SYSTEM", "File Path": "C:\\Program Files\\ByteFence\\ByteFenceScan.exe", "File Size (bytes)": "827720", "File Status": "quarantined", "File Version": "192.28.12.207", "First Found": "11/25/2020 9:06:59 PM", "Global Quarantined": "No", "Last Found": "11/30/2020 6:27:08 PM", "MD5": "4DF54F30911CF1EDAD40A711E1EBC6E5", "Modification Time": "11/25/2020 8:39:46 PM", "Product Name": "ByteFence Anti-Malware", "Running": "False", "SHA256": "B2F2C95FDDEC170F599460D6FEE5AA89DE9DAA21F4309B3F43733542BCF8A4B8", "Safelisted": "No", "Serial Number": "1266f7a1-603f-405a-9c66-79fa7c15e829", "Signature Status": "Valid", "Signed": "True", "Tenant": "ABC"} +{"AV Industry": "Threat", "Access Time": "11/25/2020 7:45:21 PM", "Auto Run": "False", "Cert Issuer": "Symantec Class 3 SHA256 Code Signing CA", "Cert Publisher": "Piriform Ltd", "Cert Subject": "Piriform Ltd", "Cert Timestamp": "6/6/2016 10:45:00 PM", "Classification": "PUP - Adware", "Company Name": "Piriform Ltd", "Copyright": "Copyright \u00a9 2006-2016 Piriform Ltd", "Create Time": "11/25/2020 7:45:21 PM", "Cylance Score": "100", "Description": "Recuva Installer", "Detected By": "Execution Control", "DeviceName": "TESTHOST087", "Drive Type": "Internal Hard Drive", "Ever Run": "False", "File Name": "recuva-1-53-1087.exe", "File Owner": "NT AUTHORITY\\SYSTEM", "File Path": "C:\\Users\\Administrator\\Downloads\\recuva-1-53-1087.exe", "File Size (bytes)": "5473600", "File Status": "quarantined", "File Version": "192.81.101.147", "First Found": "11/25/2020 9:06:59 PM", "Global 
Quarantined": "No", "Last Found": "11/30/2020 6:27:08 PM", "MD5": "981E63069729E977237100CE02BA6FC8", "Modification Time": "11/25/2020 7:45:42 PM", "Product Name": "Recuva", "Running": "False", "SHA256": "F1C4C64796AA719F569C4AE6A904A27A768BA48F5AAA735F58E1947E71DCB91A", "Safelisted": "No", "Serial Number": "1266f7a1-603f-405a-9c66-79fa7c15e829", "Signature Status": "Valid", "Signed": "True", "Tenant": "ABC"} +{"AV Industry": "Threat", "Access Time": "11/25/2020 7:46:44 PM", "Auto Run": "False", "Cert Issuer": "Symantec Class 3 SHA256 Code Signing CA", "Cert Publisher": "Piriform Ltd", "Cert Subject": "Piriform Ltd", "Cert Timestamp": "6/6/2016 10:45:00 PM", "Classification": "PUP - Adware", "Company Name": "Piriform Ltd", "Copyright": "Copyright \u00a9 2006-2016 Piriform Ltd", "Create Time": "11/25/2020 7:46:44 PM", "Cylance Score": "100", "Description": "Recuva Installer", "Detected By": "File Watcher", "DeviceName": "TESTHOST087", "Drive Type": "Internal Hard Drive", "Ever Run": "False", "File Name": "f_0008db", "File Owner": "NT AUTHORITY\\SYSTEM", "File Path": "C:\\Users\\Administrator\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\f_0008db", "File Size (bytes)": "5473600", "File Status": "quarantined", "File Version": "172.74.81.145", "First Found": "11/25/2020 9:06:59 PM", "Global Quarantined": "No", "Last Found": "11/30/2020 6:27:08 PM", "MD5": "981E63069729E977237100CE02BA6FC8", "Modification Time": "11/25/2020 7:46:57 PM", "Product Name": "Recuva", "Running": "False", "SHA256": "F1C4C64796AA719F569C4AE6A904A27A768BA48F5AAA735F58E1947E71DCB91A", "Safelisted": "No", "Serial Number": "1266f7a1-603f-405a-9c66-79fa7c15e829", "Signature Status": "Valid", "Signed": "True", "Tenant": "ABC"} +{"AV Industry": "Threat", "Access Time": "11/25/2020 7:45:25 PM", "Auto Run": "False", "Cert Issuer": "Symantec Class 3 SHA256 Code Signing CA", "Cert Publisher": "Piriform Ltd", "Cert Subject": "Piriform Ltd", "Cert Timestamp": "6/6/2016 10:45:00 PM", 
"Classification": "PUP - Adware", "Company Name": "Piriform Ltd", "Copyright": "Copyright \u00a9 2006-2016 Piriform Ltd", "Create Time": "11/25/2020 7:45:25 PM", "Cylance Score": "100", "Description": "Recuva Installer", "Detected By": "File Watcher", "DeviceName": "TESTHOST087", "Drive Type": "Internal Hard Drive", "Ever Run": "False", "File Name": "f_0008da", "File Owner": "NT AUTHORITY\\SYSTEM", "File Path": "C:\\Users\\Administrator\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\f_0008da", "File Size (bytes)": "5473600", "File Status": "quarantined", "File Version": "172.218.36.57", "First Found": "11/25/2020 9:06:59 PM", "Global Quarantined": "No", "Last Found": "11/30/2020 6:27:08 PM", "MD5": "981E63069729E977237100CE02BA6FC8", "Modification Time": "11/25/2020 7:45:42 PM", "Product Name": "Recuva", "Running": "False", "SHA256": "F1C4C64796AA719F569C4AE6A904A27A768BA48F5AAA735F58E1947E71DCB91A", "Safelisted": "No", "Serial Number": "1266f7a1-603f-405a-9c66-79fa7c15e829", "Signature Status": "Valid", "Signed": "True", "Tenant": "ABC"} +{"AV Industry": "Threat", "Access Time": "11/25/2020 7:46:41 PM", "Auto Run": "False", "Cert Issuer": "Symantec Class 3 SHA256 Code Signing CA", "Cert Publisher": "Piriform Ltd", "Cert Subject": "Piriform Ltd", "Cert Timestamp": "6/6/2016 10:45:00 PM", "Classification": "PUP - Adware", "Company Name": "Piriform Ltd", "Copyright": "Copyright \u00a9 2006-2016 Piriform Ltd", "Create Time": "11/25/2020 7:46:54 PM", "Cylance Score": "100", "Description": "Recuva Installer", "Detected By": "File Watcher", "DeviceName": "TESTHOST087", "Drive Type": "Internal Hard Drive", "Ever Run": "False", "File Name": "$RAVRP4V.exe", "File Owner": "NT AUTHORITY\\SYSTEM", "File Path": "C:\\$Recycle.Bin\\S-1-5-21-589103672-3991889892-2680960721-500\\$RAVRP4V.exe", "File Size (bytes)": "5473600", "File Status": "quarantined", "File Version": "192.59.232.239", "First Found": "11/25/2020 9:06:59 PM", "Global Quarantined": "No", "Last Found": 
"11/30/2020 6:27:08 PM", "MD5": "981E63069729E977237100CE02BA6FC8", "Modification Time": "11/25/2020 7:46:57 PM", "Product Name": "Recuva", "Running": "False", "SHA256": "F1C4C64796AA719F569C4AE6A904A27A768BA48F5AAA735F58E1947E71DCB91A", "Safelisted": "No", "Serial Number": "1266f7a1-603f-405a-9c66-79fa7c15e829", "Signature Status": "Valid", "Signed": "True", "Tenant": "ABC"} +Dec 1 07:17:19 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST088, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: SAMSUNG_Android, External Device Product ID: 6860, External Device Serial Number: 920116e8304b230d, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: e217b1f3-3754-498d-a5a0-0f2e8a597ba4, Policy Name: Workstation - Standard +Dec 1 06:13:53 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST088, External Device Type: WPD, External Device Vendor ID: 04E8, External Device Name: SAMSUNG_Android, External Device Product ID: 6860, External Device Serial Number: 920116e8304b230d, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: e217b1f3-3754-498d-a5a0-0f2e8a597ba4, Policy Name: Workstation - Standard +Dec 1 03:48:58 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST089, External Device Type: WPD, External Device Vendor ID: 2717, External Device Name: Redmi 9A, External Device Product ID: FF40, External Device Serial Number: ZL5DTG8DEYAMNRLV, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 0d0ac696-2020-424a-9a01-2167cdd4edc7, Policy Name: Workstation - Standard +Dec 1 03:47:02 sysloghost CylancePROTECT Event Type: DeviceControl, Event Name: fullaccess, Device Name: TESTHOST089, 
External Device Type: WPD, External Device Vendor ID: 2717, External Device Name: Redmi 9A, External Device Product ID: FF40, External Device Serial Number: ZL5DTG8DEYAMNRLV, Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), Device Id: 0d0ac696-2020-424a-9a01-2167cdd4edc7, Policy Name: Workstation - Standard
+Nov 30 19:42:53 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST090, File Path: c:\temp\configmgrclienthealth.ps1, SHA256: DABCF29974F6629FB4FF1250AA5C631AD5EF60BB8A2B9E08E9ADEF45054DE7FD, Interpreter: Powershell, Interpreter Version: 10.0.18362.1 (WinBuild.160101.0800), Zone Names: (Agent Update - Windows - Production 2,Agent Update - Windows - Production 3,Device Type - Workstation), User Name: SYSTEM, Device Id: 075f420d-0db6-4451-872e-1975b77e3866, Policy Name: Workstation - Standard
+Nov 30 19:36:17 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST091, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 3,Device Type - Server), User Name: SYSTEM, Device Id: ba302db3-4659-4064-a57a-4b9bb1be6bd2, Policy Name: Server - CyberArk PSM
+Nov 30 14:57:51 sysloghost CylancePROTECT Event Type: ScriptControl, Event Name: Blocked, Device Name: TESTHOST091, File Path: d:\program files (x86)\cyberark\psm\scripts\deploy-connectors.ps1, SHA256: 7212CEF22B57C89A0E20C2FA320B9FC735AFB653045C2490F9AD62A37B54EB53, Interpreter: Powershell, Interpreter Version: 10.0.14393.0 (rs1_release.160715-1616), Zone Names: (Agent Update - Windows - Production 3,Device Type - Server), User Name: SYSTEM, Device Id: ba302db3-4659-4064-a57a-4b9bb1be6bd2, Policy Name: Server - CyberArk PSM
+Nov 30 15:30:17 
sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST098 was auto assigned to Zone: Agent Update - Windows - Production 1, User: +Nov 30 15:30:17 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST098 was auto assigned to Zone: Device Type - Workstation, User: +Nov 30 15:30:17 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST098 was auto assigned to Zone: Agent Update - Windows - Production 3, User: +Nov 30 14:03:14 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST099 was auto assigned to Zone: Agent Update - Windows - Production 3, User: +Nov 30 14:03:14 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: TESTHOST099 was auto assigned to Zone: Device Type - Workstation, User: +Nov 30 20:38:45 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.248.1.225, User: Test User01 (sanitized@sanitized.com) +Nov 30 19:04:24 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 10.100.237.101, User: Test User01 (sanitized@sanitized.com) +Nov 30 16:56:53 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: DeviceRemove, Message: Devices: TESTHOST0032, User: Test User01 (sanitized@sanitized.com) +Nov 30 16:56:16 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: DeviceRemove, Message: Devices: TESTHOST0024, User: Test User01 (sanitized@sanitized.com) +Nov 30 16:55:14 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.44.63.254, User: Test User01 (sanitized@sanitized.com) +Dec 1 09:53:25 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.26.244.12, 
User: Test User02 (sanitized@sanitized.com) +Dec 1 06:08:40 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 192.91.129.253, User: Test User02 (sanitized@sanitized.com) +Dec 1 13:06:39 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.246.21.80, User: Test User03 (sanitized@sanitized.com) +Dec 1 11:18:49 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.118.99.219, User: Test User03 (sanitized@sanitized.com) +Nov 30 20:20:10 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 10.130.191.222, User: Test User03 (sanitized@sanitized.com) +Nov 30 19:11:56 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: DeviceEdit, Message: Device: TESTHOST0014; Policy Changed: 'Server - Standard' to 'Server - Standard - Clone - PHX10448532', User: Test User03 (sanitized@sanitized.com) +Nov 30 19:11:00 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 192.214.171.47, User: Test User03 (sanitized@sanitized.com) +Nov 30 17:56:28 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 172.29.29.216, User: Test User03 (sanitized@sanitized.com) +Dec 1 11:14:44 sysloghost CylancePROTECT Event Type: AuditLog, Event Name: LoginSuccess, Message: Provider: CylancePROTECT, Source IP: 10.229.249.61, User: Test User04 (sanitized@sanitized.com) \ No newline at end of file diff --git a/Tools/Syslog-cef-data-replicator/Sample Data/OracleDatabaseAuditRaw.log b/Tools/Syslog-cef-data-replicator/Sample Data/OracleDatabaseAuditRaw.log new file mode 100644 index 00000000000..42bac622451 --- /dev/null +++ b/Tools/Syslog-cef-data-replicator/Sample Data/OracleDatabaseAuditRaw.log 
@@ -0,0 +1,20 @@ +srvoradb21 Oracle Audit[40451]: LENGTH : '370' ACTION :[211] 'begin sys.dbms_backup_restore.createRmanOutputRow( l0row_id => :l0row_id, l0row_stamp => :l0row_stamp, row_id => :row_id, row_stamp => :row_stamp, txt => :txt, sameline => :i_sameline) end ' DATABASE USER:[12] 'DBOPSUSER' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[9] '352043601' +srvoradb21 Oracle Audit[40451]: LENGTH : '230' ACTION :[72] 'select value into :vcomp_txt from v where name = 'compatible'' DATABASE USER:[12] 'DBOPSUSER' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[9] '352043601' +srvoradb21 Oracle Audit[40451]: LENGTH : '207' ACTION :[49] 'begin dbms_rcvman.setAllIncarnations(TRUE) end ' DATABASE USER:[12] 'DBOPSUSER' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[9] '352043601' +srvoradb21 Oracle Audit[40451]: LENGTH : '327' ACTION :[168] 'select decode(status, 'OPEN', 1, 0), decode(archiver, 'FAILED', 1, 0), decode(database_status, 'SUSPENDED', 1, 0) into :status, :archstuck, :dbsuspended from v' DATABASE USER:[12] 'DBOPSUSER' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[9] '352043601' +srvoradb21 Oracle Audit[40451]: LENGTH : '1230' ACTION :[72] 'select value into :vcomp_txt from v where name = 'compatible'' DATABASE USER:[12] 'DBOPSUSER' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[9] '352043601' +srvoradb02 LENGTH : '394' ACTION :[147] 'select /*+ opt_param('parallel_execution_enabled', 'false') EXEC_FROM_DBMS_XPLAN */ * from gv where 1=0' DATABASE USER:[1] '/' PRIVILEGE :[4] 'NONE' CLIENT USER:[0] '' CLIENT TERMINAL:[7] 'UNKNOWN' STATUS:[1] '0' DBID:[8] '96662630' SESSIONID:[1] '0' USERHOST:[23] 'srvoradb02.wsint.biz' CLIENT ADDRESS:[0] '' ACTION NUMBER:[1] '3' +srvoradb02 LENGTH : '394' ACTION :[147] 'select /*+ 
opt_param('parallel_execution_enabled', 'false') EXEC_FROM_DBMS_XPLAN */ * from gv where 1=0' DATABASE USER:[1] '/' PRIVILEGE :[4] 'NONE' CLIENT USER:[0] '' CLIENT TERMINAL:[7] 'UNKNOWN' STATUS:[1] '0' DBID:[8] '96662630' SESSIONID:[1] '0' USERHOST:[23] 'srvoradb02.wsint.biz' CLIENT ADDRESS:[0] '' ACTION NUMBER:[1] '3' +srvoradb21 Oracle Audit[40451]: LENGTH : '370' ACTION :[211] 'begin sys.dbms_backup_restore.createRmanOutputRow( l0row_id => :l0row_id, l0row_stamp => :l0row_stamp, row_id => :row_id, row_stamp => :row_stamp, txt => :txt, sameline => :i_sameline) end ' DATABASE USER:[12] 'DBOPSUSER' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[9] '352043601' +srvoradb21 Oracle Audit[40451]: LENGTH : '62344370' ACTION :[211] 'begin sys.dbms_backup_restore.createRmanOutputRow( l0row_id => :l0row_id, l0row_stamp => :l0row_stamp, row_id => :row_id, row_stamp => :row_stamp, txt => :txt, sameline => :i_sameline) end ' DATABASE USER:[12] 'DBOPSUSER' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[9] '352043603' +srvoradb21 Oracle Audit[40451]: LENGTH : '3705' ACTION :[211] 'begin sys.dbms_backup_restore.createRmanOutputRow( l0row_id => :l0row_id, l0row_stamp => :l0row_stamp, row_id => :row_id, row_stamp => :row_stamp, txt => :txt, sameline => :i_sameline) end ' DATABASE USER:[12] 'DBOPSUSER' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[9] '352043601' +srvoradb21 Oracle Audit[40451]: LENGTH : '35370' ACTION :[211] 'begin sys.dbms_backup_restore.createRmanOutputRow( l0row_id => :l0row_id, l0row_stamp => :l0row_stamp, row_id => :row_id, row_stamp => :row_stamp, txt => :txt, sameline => :i_sameline) end ' DATABASE USER:[12] 'DBOPSUSER' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[9] '351043601' +srvoradb21 Oracle Audit[40451]: LENGTH : '370' ACTION :[211] 'begin 
sys.dbms_backup_restore.createRmanOutputRow( l0row_id => :l0row_id, l0row_stamp => :l0row_stamp, row_id => :row_id, row_stamp => :row_stamp, txt => :txt, sameline => :i_sameline) end ' DATABASE USER:[12] 'DBOPSUSER' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[9] '352043601' +srvoradb21 Oracle Audit[40451]: LENGTH : '370' ACTION :[211] 'begin sys.dbms_backup_restore.createRmanOutputRow( l0row_id => :l0row_id, l0row_stamp => :l0row_stamp, row_id => :row_id, row_stamp => :row_stamp, txt => :txt, sameline => :i_sameline) end ' DATABASE USER:[12] 'DBOPSUSER' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[9] '352043601' +srvoradb21 Oracle Audit[40451]: LENGTH : '323470' ACTION :[211] 'begin sys.dbms_backup_restore.createRmanOutputRow( l0row_id => :l0row_id, l0row_stamp => :l0row_stamp, row_id => :row_id, row_stamp => :row_stamp, txt => :txt, sameline => :i_sameline) end ' DATABASE USER:[12] 'DBOPSUSER' PRIVILEGE :[3] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[9] '352043601' +srvoradb21 Oracle Audit[40451]: LENGTH : '370' ACTION :[211] 'begin sys.dbms_backup_restore.createRmanOutputRow( l0row_id => :l0row_id, l0row_stamp => :l0row_stamp, row_id => :row_id, row_stamp => :row_stamp, txt => :txt, sameline => :i_sameline) end ' DATABASE USER:[12] 'DBOPSUSER' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[9] '352043601' +srvoradb21 Oracle Audit[40451]: LENGTH : '370' ACTION :[211] 'begin sys.dbms_backup_restore.createRmanOutputRow( l0row_id => :l0row_id, l0row_stamp => :l0row_stamp, row_id => :row_id, row_stamp => :row_stamp, txt => :txt, sameline => :i_sameline) end ' DATABASE USER:[12] 'DBOPSUSER' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[9] '352073601' +srvoradb21 Oracle Audit[40451]: LENGTH : '65370' ACTION :[211] 'begin 
sys.dbms_backup_restore.createRmanOutputRow( l0row_id => :l0row_id, l0row_stamp => :l0row_stamp, row_id => :row_id, row_stamp => :row_stamp, txt => :txt, sameline => :i_sameline) end ' DATABASE USER:[12] 'DBOPSUSER' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[9] '352043601' +srvoradb21 Oracle Audit[40451]: LENGTH : '494' ACTION :[335] 'ontrolfile_record_section rm, v dc, v al, v bp, v do, v offr, v pc, v bs, v ic, v grsp, v' DATABASE USER:[12] 'DBOPSUSER' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[9] '352041601' +srvoradb21 Oracle Audit[40451]: LENGTH : '370' ACTION :[211] 'begin sys.dbms_backup_restore.createRmanOutputRow( l0row_id => :l0row_id, l0row_stamp => :l0row_stamp, row_id => :row_id, row_stamp => :row_stamp, txt => :txt, sameline => :i_sameline) end ' DATABASE USER:[12] 'DBOPSUSER' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[0] '' STATUS:[1] '0' DBID:[9] '358043601' +srvoradb02 LENGTH : '371' ACTION :[121] 'SELECT * FROM gv where sql_id = 'g81kw4fp0qpwc' and inst_id = 1 and child_address = hextoraw('000000008A94D010')' DATABASE USER:[1] '/' PRIVILEGE :[4] 'NONE' CLIENT USER:[0] '' CLIENT TERMINAL:[7] 'UNKNOWN' STATUS:[1] '0' DBID:[10] '4048691233' SESSIONID:[1] '0' USERHOST:[23] 'srvoradb02.wsint.biz' CLIENT ADDRESS:[0] '' ACTION NUMBER:[1] '3' \ No newline at end of file diff --git a/Tools/Syslog-cef-data-replicator/Sample Data/SymantecEndpointProtectionRaw.log b/Tools/Syslog-cef-data-replicator/Sample Data/SymantecEndpointProtectionRaw.log new file mode 100644 index 00000000000..554304a6d98 --- /dev/null +++ b/Tools/Syslog-cef-data-replicator/Sample Data/SymantecEndpointProtectionRaw.log 
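Review bot: The `USERHOST` field of the `srvoradb02` records in OracleDatabaseAuditRaw.log carries `'srvoradb02.wsint.biz'`, which looks like a real internal FQDN rather than a placeholder, so it should be confirmed as synthetic or swapped for a reserved example name before this sample ships. If it is replaced, update the length prefix with it, e.g. `USERHOST:[22] 'srvoradb02.example.com'`. The existing bracketed lengths already disagree with their values (`USERHOST:[23]` precedes a 20-character string, `DATABASE USER:[12]` precedes the 9-character `'DBOPSUSER'`, and one record has `PRIVILEGE :[3] 'SYSDBA'`), which suggests the values were edited after capture. A parser or detection rule tested against this file that slices fields by the declared length would see different data than on real Oracle audit records, so either recompute the prefixes or state next to the sample that they are not authoritative.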
@@ -0,0 +1,237 @@ +SERVER0007 HOST587138,Local Host IP: 192.113.118.131,Local Port: 60682,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.113.118.131,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:15:01,End Time: 2020-12-16 06:15:10,Occurrences: 3,Application: C:/Users/testuser16/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser64,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST842964,Local Host IP: 192.116.240.126,Local Port: 60683,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.116.240.126,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:15:01,End Time: 2020-12-16 06:15:10,Occurrences: 3,Application: C:/Users/testuser39/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser50,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST507638,Local Host IP: 10.214.129.55,Local Port: 60684,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.214.129.55,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:15:03,End Time: 2020-12-16 06:15:12,Occurrences: 3,Application: C:/Users/testuser42/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser54,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST190960,Local Host IP: 192.82.123.193,Local Port: 60685,Local Host MAC: 00BB606F2FCF,Remote Host 
IP: 192.82.123.193,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:15:14,End Time: 2020-12-16 06:15:23,Occurrences: 3,Application: C:/Users/testuser14/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser28,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST518890,Local Host IP: 172.63.32.112,Local Port: 60688,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.63.32.112,Remote Host Name: www.google-analytics.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:15:22,End Time: 2020-12-16 06:15:31,Occurrences: 3,Application: C:/Users/testuser22/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser69,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST431244,Local Host IP: 10.225.15.12,Local Port: 60689,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.225.15.12,Remote Host Name: www.google-analytics.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:15:22,End Time: 2020-12-16 06:15:31,Occurrences: 3,Application: C:/Users/testuser49/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser11,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST784739,Local Host IP: 10.215.41.24,Local Port: 60690,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.215.41.24,Remote Host Name: www.google-analytics.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 
06:15:24,End Time: 2020-12-16 06:15:33,Occurrences: 3,Application: C:/Users/testuser97/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser3,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST668816,Local Host IP: 10.84.177.100,Local Port: 60691,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.84.177.100,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:15:35,End Time: 2020-12-16 06:15:44,Occurrences: 3,Application: C:/Users/testuser77/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser16,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST794767,Local Host IP: 172.191.6.252,Local Port: 60692,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.191.6.252,Remote Host Name: clients5.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:15:43,End Time: 2020-12-16 06:15:52,Occurrences: 3,Application: C:/Users/testuser33/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser66,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST901224,Local Host IP: 192.39.211.215,Local Port: 60693,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.39.211.215,Remote Host Name: clients5.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:15:43,End Time: 2020-12-16 06:15:52,Occurrences: 3,Application: C:/Users/testuser18/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block 
Known Unapproved Applications,Location: Unknown,User Name: testuser62,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST596872,Local Host IP: 10.53.66.107,Local Port: 60694,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.53.66.107,Remote Host Name: clients5.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:15:45,End Time: 2020-12-16 06:15:54,Occurrences: 3,Application: C:/Users/testuser55/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser88,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST624346,Local Host IP: 172.94.124.183,Local Port: 60695,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.94.124.183,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:15:56,End Time: 2020-12-16 06:16:05,Occurrences: 3,Application: C:/Users/testuser1/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser30,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST766223,Local Host IP: 192.200.243.168,Local Port: 60697,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.200.243.168,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:16:04,End Time: 2020-12-16 06:16:13,Occurrences: 3,Application: C:/Users/testuser5/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser65,Domain Name: ABC,Action: Blocked,SHA-256: 
9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST832267,Local Host IP: 172.220.92.234,Local Port: 60698,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.220.92.234,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:16:04,End Time: 2020-12-16 06:16:13,Occurrences: 3,Application: C:/Users/testuser9/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser99,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST782661,Local Host IP: 10.235.64.143,Local Port: 60699,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.235.64.143,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:16:06,End Time: 2020-12-16 06:16:15,Occurrences: 3,Application: C:/Users/testuser42/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser74,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST621057,Local Host IP: 172.4.126.251,Local Port: 60700,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.4.126.251,Remote Host Name: www.google-analytics.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:16:17,End Time: 2020-12-16 06:16:26,Occurrences: 3,Application: C:/Users/testuser9/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser13,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST308018,Local Host IP: 
172.110.76.103,Local Port: 60701,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.110.76.103,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:16:25,End Time: 2020-12-16 06:16:34,Occurrences: 3,Application: C:/Users/testuser15/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser47,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST800764,Local Host IP: 172.63.243.247,Local Port: 60702,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.63.243.247,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:16:25,End Time: 2020-12-16 06:16:34,Occurrences: 3,Application: C:/Users/testuser47/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser52,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST764770,Local Host IP: 10.99.87.119,Local Port: 60703,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.99.87.119,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:16:27,End Time: 2020-12-16 06:16:37,Occurrences: 3,Application: C:/Users/testuser8/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser71,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST999597,Local Host IP: 172.212.147.91,Local Port: 60704,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.212.147.91,Remote Host Name: clients5.google.com,Remote 
Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:16:38,End Time: 2020-12-16 06:16:47,Occurrences: 3,Application: C:/Users/testuser66/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser55,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST598926,Local Host IP: 192.13.187.191,Local Port: 60706,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.13.187.191,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:16:46,End Time: 2020-12-16 06:16:55,Occurrences: 3,Application: C:/Users/testuser97/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser59,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST201126,Local Host IP: 172.138.54.5,Local Port: 60707,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.138.54.5,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:16:46,End Time: 2020-12-16 06:16:55,Occurrences: 3,Application: C:/Users/testuser27/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser39,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST209891,Local Host IP: 172.33.58.173,Local Port: 60708,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.33.58.173,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:16:49,End Time: 2020-12-16 06:16:58,Occurrences: 3,Application: 
C:/Users/testuser57/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser65,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST288870,Local Host IP: 10.157.169.232,Local Port: 60709,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.157.169.232,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:16:59,End Time: 2020-12-16 06:17:08,Occurrences: 3,Application: C:/Users/testuser97/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser77,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST925895,Local Host IP: 192.61.165.57,Local Port: 60710,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.61.165.57,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:17:07,End Time: 2020-12-16 06:17:16,Occurrences: 3,Application: C:/Users/testuser53/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser67,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST867978,Local Host IP: 192.121.29.186,Local Port: 60711,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.121.29.186,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:17:07,End Time: 2020-12-16 06:17:16,Occurrences: 3,Application: C:/Users/testuser96/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: 
Unknown,User Name: testuser54,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST442942,Local Host IP: 172.50.134.95,Local Port: 60712,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.50.134.95,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:17:10,End Time: 2020-12-16 06:17:19,Occurrences: 3,Application: C:/Users/testuser83/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser42,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST225909,Local Host IP: 172.95.101.139,Local Port: 60713,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.95.101.139,Remote Host Name: apis.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:17:16,End Time: 2020-12-16 06:17:25,Occurrences: 3,Application: C:/Users/testuser64/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser76,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST741158,Local Host IP: 192.70.69.100,Local Port: 60714,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.70.69.100,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:17:20,End Time: 2020-12-16 06:17:29,Occurrences: 3,Application: C:/Users/testuser88/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser9,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: 
A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST824181,Local Host IP: 172.153.212.27,Local Port: 60716,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.153.212.27,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:17:28,End Time: 2020-12-16 06:17:31,Occurrences: 2,Application: C:/Users/testuser12/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser34,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST823655,Local Host IP: 172.39.107.183,Local Port: 60717,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.39.107.183,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:17:28,End Time: 2020-12-16 06:17:31,Occurrences: 2,Application: C:/Users/testuser23/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser36,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST168657,Local Host IP: 192.133.208.155,Local Port: 60718,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.133.208.155,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:17:31,End Time: 2020-12-16 06:17:34,Occurrences: 2,Application: C:/Users/testuser45/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser65,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST666641,Local Host IP: 10.179.145.83,Local Port: 60719,Local Host MAC: 
00BB606F2FCF,Remote Host IP: 10.179.145.83,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:17:37,End Time: 2020-12-16 06:17:46,Occurrences: 3,Application: C:/Users/testuser60/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser78,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST251267,Local Host IP: 172.186.73.154,Local Port: 60720,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.186.73.154,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:17:41,End Time: 2020-12-16 06:17:50,Occurrences: 3,Application: C:/Users/testuser94/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser11,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST375940,Local Host IP: 172.233.33.127,Local Port: 60724,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.233.33.127,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:17:58,End Time: 2020-12-16 06:18:07,Occurrences: 3,Application: C:/Users/testuser22/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser43,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST894304,Local Host IP: 192.65.70.153,Local Port: 60725,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.65.70.153,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 
34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:02,End Time: 2020-12-16 06:18:11,Occurrences: 3,Application: C:/Users/testuser47/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser82,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST783842,Local Host IP: 172.71.45.78,Local Port: 60726,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.71.45.78,Remote Host Name: apis.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:03,End Time: 2020-12-16 06:18:12,Occurrences: 3,Application: C:/Users/testuser1/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser54,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST997933,Local Host IP: 192.149.31.107,Local Port: 60727,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.149.31.107,Remote Host Name: apis.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:04,End Time: 2020-12-16 06:18:13,Occurrences: 3,Application: C:/Users/testuser46/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser29,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST359815,Local Host IP: 172.190.182.165,Local Port: 60732,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.190.182.165,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:19,End Time: 2020-12-16 06:18:28,Occurrences: 3,Application: 
C:/Users/testuser73/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser66,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST110016,Local Host IP: 10.119.253.141,Local Port: 60735,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.119.253.141,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:23,End Time: 2020-12-16 06:18:26,Occurrences: 2,Application: C:/Users/testuser14/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser22,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST469660,Local Host IP: 192.128.36.43,Local Port: 60736,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.128.36.43,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:24,End Time: 2020-12-16 06:18:33,Occurrences: 3,Application: C:/Users/testuser20/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser36,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST313480,Local Host IP: 172.184.166.108,Local Port: 60737,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.184.166.108,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:25,End Time: 2020-12-16 06:18:34,Occurrences: 3,Application: C:/Users/testuser12/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: 
Unknown,User Name: testuser23,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST638814,Local Host IP: 192.167.167.147,Local Port: 60738,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.167.167.147,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:28,End Time: 2020-12-16 06:18:37,Occurrences: 3,Application: C:/Users/testuser77/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser59,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST583911,Local Host IP: 172.142.82.123,Local Port: 60739,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.142.82.123,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:28,End Time: 2020-12-16 06:18:37,Occurrences: 3,Application: C:/Users/testuser61/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser61,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST513346,Local Host IP: 10.228.134.223,Local Port: 60740,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.228.134.223,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:28,End Time: 2020-12-16 06:18:37,Occurrences: 3,Application: C:/Users/testuser16/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser81,Domain Name: ABC,Action: Blocked,SHA-256: 
9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST744223,Local Host IP: 10.210.226.141,Local Port: 60741,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.210.226.141,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:28,End Time: 2020-12-16 06:18:37,Occurrences: 3,Application: C:/Users/testuser32/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser21,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST888561,Local Host IP: 10.114.38.135,Local Port: 60742,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.114.38.135,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:40,End Time: 2020-12-16 06:18:49,Occurrences: 3,Application: C:/Users/testuser37/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser64,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST339125,Local Host IP: 172.66.134.139,Local Port: 60747,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.66.134.139,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:45,End Time: 2020-12-16 06:18:54,Occurrences: 3,Application: C:/Users/testuser85/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser73,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 
HOST759593,Local Host IP: 192.161.215.246,Local Port: 60749,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.161.215.246,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:46,End Time: 2020-12-16 06:18:55,Occurrences: 3,Application: C:/Users/testuser66/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser79,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST437316,Local Host IP: 192.9.196.143,Local Port: 60750,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.9.196.143,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:49,End Time: 2020-12-16 06:18:58,Occurrences: 3,Application: C:/Users/testuser31/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser63,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST894479,Local Host IP: 192.239.47.84,Local Port: 60751,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.239.47.84,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:49,End Time: 2020-12-16 06:18:58,Occurrences: 3,Application: C:/Users/testuser87/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser73,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST564546,Local Host IP: 10.168.184.150,Local Port: 60752,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.168.184.150,Remote 
Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:49,End Time: 2020-12-16 06:18:58,Occurrences: 3,Application: C:/Users/testuser92/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser50,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST820269,Local Host IP: 172.21.249.180,Local Port: 60811,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.21.249.180,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:23:10,End Time: 2020-12-16 06:23:19,Occurrences: 3,Application: C:/Users/testuser53/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser63,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST403533,Local Host IP: 10.210.161.137,Local Port: 60812,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.210.161.137,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:23:15,End Time: 2020-12-16 06:23:24,Occurrences: 3,Application: C:/Users/testuser85/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser30,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST198968,Local Host IP: 10.74.124.209,Local Port: 60815,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.74.124.209,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:23:23,End Time: 
2020-12-16 06:23:32,Occurrences: 3,Application: C:/Users/testuser9/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser99,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST143604,Local Host IP: 172.176.208.11,Local Port: 60817,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.176.208.11,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:23:30,End Time: 2020-12-16 06:23:39,Occurrences: 3,Application: C:/Users/testuser58/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser15,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST223795,Local Host IP: 10.186.56.219,Local Port: 60818,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.186.56.219,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:23:31,End Time: 2020-12-16 06:23:40,Occurrences: 3,Application: C:/Users/testuser89/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser75,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST150935,Local Host IP: 192.31.234.244,Local Port: 60822,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.31.234.244,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:23:36,End Time: 2020-12-16 06:23:45,Occurrences: 3,Application: C:/Users/testuser99/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block 
Known Unapproved Applications,Location: Unknown,User Name: testuser85,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST645381,Local Host IP: 192.159.227.132,Local Port: 60823,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.159.227.132,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:23:44,End Time: 2020-12-16 06:23:53,Occurrences: 3,Application: C:/Users/testuser93/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser43,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST448376,Local Host IP: 10.165.77.181,Local Port: 60828,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.165.77.181,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:23:51,End Time: 2020-12-16 06:24:00,Occurrences: 3,Application: C:/Users/testuser16/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser34,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST571813,Local Host IP: 172.118.100.241,Local Port: 60829,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.118.100.241,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:23:52,End Time: 2020-12-16 06:24:01,Occurrences: 3,Application: C:/Users/testuser71/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser82,Domain Name: ABC,Action: Blocked,SHA-256: 
9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST362236,Local Host IP: 10.39.85.29,Local Port: 60831,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.39.85.29,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:23:57,End Time: 2020-12-16 06:24:06,Occurrences: 3,Application: C:/Users/testuser80/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser91,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST701091,Local Host IP: 192.124.244.153,Local Port: 60836,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.124.244.153,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:05,End Time: 2020-12-16 06:24:14,Occurrences: 3,Application: C:/Users/testuser22/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser1,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST199032,Local Host IP: 192.136.60.253,Local Port: 60837,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.136.60.253,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:10,End Time: 2020-12-16 06:24:19,Occurrences: 3,Application: C:/Users/testuser7/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser28,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST283451,Local Host IP: 
10.33.31.88,Local Port: 60838,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.33.31.88,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:10,End Time: 2020-12-16 06:24:19,Occurrences: 3,Application: C:/Users/testuser91/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser24,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST968939,Local Host IP: 172.26.215.17,Local Port: 60839,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.26.215.17,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:10,End Time: 2020-12-16 06:24:19,Occurrences: 3,Application: C:/Users/testuser37/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser15,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST822417,Local Host IP: 10.245.149.77,Local Port: 60840,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.245.149.77,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:10,End Time: 2020-12-16 06:24:19,Occurrences: 3,Application: C:/Users/testuser15/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser51,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST627771,Local Host IP: 172.84.141.188,Local Port: 60841,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.84.141.188,Remote Host Name: 
android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:12,End Time: 2020-12-16 06:24:21,Occurrences: 3,Application: C:/Users/testuser88/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser66,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST154247,Local Host IP: 192.154.114.17,Local Port: 60842,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.154.114.17,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:13,End Time: 2020-12-16 06:24:22,Occurrences: 3,Application: C:/Users/testuser27/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser64,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST340947,Local Host IP: 192.82.217.145,Local Port: 60844,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.82.217.145,Remote Host Name: desktop-assistant-sub.osp.opera.software,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:15,End Time: 2020-12-16 06:24:24,Occurrences: 3,Application: C:/Users/testuser97/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser63,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST748658,Local Host IP: 172.122.62.71,Local Port: 60845,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.122.62.71,Remote Host Name: desktop-assistant-sub.osp.opera.software,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 
06:24:15,End Time: 2020-12-16 06:24:24,Occurrences: 3,Application: C:/Users/testuser59/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser98,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST311135,Local Host IP: 192.42.200.230,Local Port: 60846,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.42.200.230,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:18,End Time: 2020-12-16 06:24:27,Occurrences: 3,Application: C:/Users/testuser26/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser48,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST203345,Local Host IP: 172.88.49.172,Local Port: 60847,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.88.49.172,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:26,End Time: 2020-12-16 06:24:35,Occurrences: 3,Application: C:/Users/testuser6/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser57,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST415276,Local Host IP: 172.164.128.221,Local Port: 60848,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.164.128.221,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:31,End Time: 2020-12-16 06:24:40,Occurrences: 3,Application: 
C:/Users/testuser25/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser35,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST466631,Local Host IP: 192.164.53.227,Local Port: 60849,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.164.53.227,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:31,End Time: 2020-12-16 06:24:40,Occurrences: 3,Application: C:/Users/testuser58/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser48,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST841775,Local Host IP: 192.240.5.7,Local Port: 60850,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.240.5.7,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:31,End Time: 2020-12-16 06:24:40,Occurrences: 3,Application: C:/Users/testuser62/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser97,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST292145,Local Host IP: 172.103.41.166,Local Port: 60851,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.103.41.166,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:31,End Time: 2020-12-16 06:24:40,Occurrences: 3,Application: C:/Users/testuser4/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: 
Unknown,User Name: testuser9,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST811111,Local Host IP: 192.215.181.189,Local Port: 60852,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.215.181.189,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:33,End Time: 2020-12-16 06:24:42,Occurrences: 3,Application: C:/Users/testuser10/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser81,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST946175,Local Host IP: 10.17.202.72,Local Port: 60853,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.17.202.72,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:34,End Time: 2020-12-16 06:24:43,Occurrences: 3,Application: C:/Users/testuser48/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser26,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST943751,Local Host IP: 172.214.91.36,Local Port: 60854,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.214.91.36,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:39,End Time: 2020-12-16 06:24:48,Occurrences: 3,Application: C:/Users/testuser19/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser43,Domain Name: ABC,Action: Blocked,SHA-256: 
9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST810006,Local Host IP: 10.69.54.46,Local Port: 60856,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.69.54.46,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:47,End Time: 2020-12-16 06:24:56,Occurrences: 3,Application: C:/Users/testuser13/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser22,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST535019,Local Host IP: 172.111.161.79,Local Port: 60857,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.111.161.79,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:54,End Time: 2020-12-16 06:25:03,Occurrences: 3,Application: C:/Users/testuser44/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser63,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST544127,Local Host IP: 172.55.255.171,Local Port: 60858,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.55.255.171,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:24:55,End Time: 2020-12-16 06:25:04,Occurrences: 3,Application: C:/Users/testuser21/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser67,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST459899,Local Host 
IP: 172.246.141.216,Local Port: 60860,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.246.141.216,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:25:00,End Time: 2020-12-16 06:25:09,Occurrences: 3,Application: C:/Users/testuser78/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser74,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST380982,Local Host IP: 192.52.102.135,Local Port: 60861,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.52.102.135,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:25:08,End Time: 2020-12-16 06:25:17,Occurrences: 3,Application: C:/Users/testuser59/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser6,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST845793,Local Host IP: 172.204.190.191,Local Port: 60862,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.204.190.191,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:25:15,End Time: 2020-12-16 06:25:24,Occurrences: 3,Application: C:/Users/testuser11/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser28,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST670753,Local Host IP: 192.84.139.150,Local Port: 60863,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.84.139.150,Remote Host Name: 
android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:25:16,End Time: 2020-12-16 06:25:25,Occurrences: 3,Application: C:/Users/testuser72/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser72,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST694719,Local Host IP: 10.24.205.26,Local Port: 60865,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.24.205.26,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:25:21,End Time: 2020-12-16 06:25:30,Occurrences: 3,Application: C:/Users/testuser45/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser40,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST140523,Local Host IP: 10.95.150.6,Local Port: 60866,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.95.150.6,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:25:29,End Time: 2020-12-16 06:25:38,Occurrences: 3,Application: C:/Users/testuser37/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser88,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST786856,Local Host IP: 192.113.41.251,Local Port: 60867,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.113.41.251,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:25:36,End Time: 2020-12-16 
06:25:45,Occurrences: 3,Application: C:/Users/testuser60/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser89,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST958799,Local Host IP: 10.119.116.237,Local Port: 60869,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.119.116.237,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:25:37,End Time: 2020-12-16 06:25:46,Occurrences: 3,Application: C:/Users/testuser2/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser97,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST849826,Local Host IP: 192.106.57.227,Local Port: 60870,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.106.57.227,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:25:42,End Time: 2020-12-16 06:25:51,Occurrences: 3,Application: C:/Users/testuser42/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser40,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST370851,Local Host IP: 10.49.177.39,Local Port: 60871,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.49.177.39,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:25:50,End Time: 2020-12-16 06:25:59,Occurrences: 3,Application: C:/Users/testuser89/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved 
Applications,Location: Unknown,User Name: testuser49,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST298488,Local Host IP: 10.44.54.6,Local Port: 60872,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.44.54.6,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:25:57,End Time: 2020-12-16 06:26:00,Occurrences: 2,Application: C:/Users/testuser70/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser99,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST707590,Local Host IP: 10.79.49.95,Local Port: 60873,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.79.49.95,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:25:58,End Time: 2020-12-16 06:26:01,Occurrences: 2,Application: C:/Users/testuser95/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser40,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST711333,Local Host IP: 192.205.176.168,Local Port: 60874,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.205.176.168,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:26:03,End Time: 2020-12-16 06:26:12,Occurrences: 3,Application: C:/Users/testuser59/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser27,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: 
A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST887442,Local Host IP: 172.36.202.248,Local Port: 60876,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.36.202.248,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:26:11,End Time: 2020-12-16 06:26:20,Occurrences: 3,Application: C:/Users/testuser7/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser8,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST867339,Local Host IP: 10.111.82.216,Local Port: 60878,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.111.82.216,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:26:24,End Time: 2020-12-16 06:26:33,Occurrences: 3,Application: C:/Users/testuser70/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser21,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST652054,Local Host IP: 10.115.44.53,Local Port: 60879,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.115.44.53,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:26:32,End Time: 2020-12-16 06:26:41,Occurrences: 3,Application: C:/Users/testuser71/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser61,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST987308,Local Host IP: 192.71.50.42,Local Port: 60882,Local Host MAC: 00BB606F2FCF,Remote 
Host IP: 192.71.50.42,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:26:45,End Time: 2020-12-16 06:26:48,Occurrences: 2,Application: C:/Users/testuser49/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser63,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST916338,Local Host IP: 192.233.165.1,Local Port: 60884,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.233.165.1,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:26:53,End Time: 2020-12-16 06:27:02,Occurrences: 3,Application: C:/Users/testuser33/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser36,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST365032,Local Host IP: 172.49.4.118,Local Port: 60886,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.49.4.118,Remote Host Name: gcfunion.com,Remote Port: 80,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:27:08,End Time: 2020-12-16 06:27:17,Occurrences: 3,Application: C:/Users/testuser97/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser29,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST515849,Local Host IP: 10.65.82.74,Local Port: 60887,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.65.82.74,Remote Host Name: gcfunion.com,Remote Port: 80,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:27:08,End Time: 2020-12-16 
06:27:17,Occurrences: 3,Application: C:/Users/testuser66/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser92,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST841819,Local Host IP: 172.64.208.207,Local Port: 60888,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.64.208.207,Remote Host Name: gcfunion.com,Remote Port: 80,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:27:08,End Time: 2020-12-16 06:27:17,Occurrences: 3,Application: C:/Users/testuser36/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser69,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST563180,Local Host IP: 192.141.3.19,Local Port: 60891,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.141.3.19,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:27:14,End Time: 2020-12-16 06:27:17,Occurrences: 2,Application: C:/Users/testuser50/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser73,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST537598,Local Host IP: 172.91.43.30,Local Port: 60894,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.91.43.30,Remote Host Name: clients2.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:28:01,End Time: 2020-12-16 06:28:10,Occurrences: 3,Application: C:/Users/testuser80/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User 
Name: testuser77,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST659293,Local Host IP: 192.107.88.16,Local Port: 60895,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.107.88.16,Remote Host Name: clients2.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:28:02,End Time: 2020-12-16 06:28:11,Occurrences: 3,Application: C:/Users/testuser38/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser61,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST170107,Local Host IP: 172.71.44.42,Local Port: 60896,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.71.44.42,Remote Host Name: clients2.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:28:04,End Time: 2020-12-16 06:28:13,Occurrences: 3,Application: C:/Users/testuser80/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser67,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST122942,Local Host IP: 172.94.98.186,Local Port: 60901,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.94.98.186,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:28:22,End Time: 2020-12-16 06:28:31,Occurrences: 3,Application: C:/Users/testuser37/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser44,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: 
A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST708321,Local Host IP: 192.6.248.197,Local Port: 60902,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.6.248.197,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:28:23,End Time: 2020-12-16 06:28:32,Occurrences: 3,Application: C:/Users/testuser40/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser45,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST264271,Local Host IP: 10.15.66.249,Local Port: 60903,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.15.66.249,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:28:25,End Time: 2020-12-16 06:28:34,Occurrences: 3,Application: C:/Users/testuser50/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser67,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST149302,Local Host IP: 192.67.84.101,Local Port: 60753,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.67.84.101,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:49,End Time: 2020-12-16 06:18:58,Occurrences: 3,Application: C:/Users/testuser60/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser54,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST415528,Local Host IP: 172.192.199.185,Local Port: 60754,Local Host MAC: 
00BB606F2FCF,Remote Host IP: 172.192.199.185,Remote Host Name: mtalk.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:52,End Time: 2020-12-16 06:19:01,Occurrences: 3,Application: C:/Users/testuser2/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser45,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST654095,Local Host IP: 172.102.118.156,Local Port: 60755,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.102.118.156,Remote Host Name: desktop-assistant-sub.osp.opera.software,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:53,End Time: 2020-12-16 06:19:02,Occurrences: 3,Application: C:/Users/testuser27/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser56,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST768818,Local Host IP: 172.202.11.73,Local Port: 60756,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.202.11.73,Remote Host Name: desktop-assistant-sub.osp.opera.software,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:18:54,End Time: 2020-12-16 06:19:03,Occurrences: 3,Application: C:/Users/testuser90/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser59,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST963244,Local Host IP: 192.231.202.216,Local Port: 60761,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.231.202.216,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote 
Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:19:01,End Time: 2020-12-16 06:19:10,Occurrences: 3,Application: C:/Users/testuser41/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser90,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST859280,Local Host IP: 10.81.72.58,Local Port: 60762,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.81.72.58,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:19:06,End Time: 2020-12-16 06:19:15,Occurrences: 3,Application: C:/Users/testuser79/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser66,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST589590,Local Host IP: 10.5.170.200,Local Port: 60763,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.5.170.200,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:19:07,End Time: 2020-12-16 06:19:16,Occurrences: 3,Application: C:/Users/testuser56/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser48,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST514647,Local Host IP: 192.201.184.212,Local Port: 60764,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.201.184.212,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:19:22,End Time: 2020-12-16 06:19:31,Occurrences: 3,Application: 
C:/Users/testuser55/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser38,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST676393,Local Host IP: 10.193.65.97,Local Port: 60766,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.193.65.97,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:19:27,End Time: 2020-12-16 06:19:36,Occurrences: 3,Application: C:/Users/testuser54/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser38,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST988292,Local Host IP: 172.239.118.46,Local Port: 60767,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.239.118.46,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:19:28,End Time: 2020-12-16 06:19:37,Occurrences: 3,Application: C:/Users/testuser26/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser78,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST773485,Local Host IP: 10.206.255.48,Local Port: 60769,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.206.255.48,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:19:43,End Time: 2020-12-16 06:19:52,Occurrences: 3,Application: C:/Users/testuser98/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User 
Name: testuser7,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST374099,Local Host IP: 10.158.170.177,Local Port: 60770,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.158.170.177,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:19:48,End Time: 2020-12-16 06:19:57,Occurrences: 3,Application: C:/Users/testuser38/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser87,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST400304,Local Host IP: 172.150.246.156,Local Port: 60771,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.150.246.156,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:19:49,End Time: 2020-12-16 06:19:58,Occurrences: 3,Application: C:/Users/testuser76/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser25,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST657506,Local Host IP: 10.44.253.194,Local Port: 60772,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.44.253.194,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:20:04,End Time: 2020-12-16 06:20:13,Occurrences: 3,Application: C:/Users/testuser2/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser21,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: 
A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST842837,Local Host IP: 10.206.73.145,Local Port: 60775,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.206.73.145,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:20:09,End Time: 2020-12-16 06:20:18,Occurrences: 3,Application: C:/Users/testuser17/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser82,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST844952,Local Host IP: 192.122.80.161,Local Port: 60776,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.122.80.161,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:20:10,End Time: 2020-12-16 06:20:19,Occurrences: 3,Application: C:/Users/testuser42/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser88,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST382405,Local Host IP: 172.61.210.67,Local Port: 60778,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.61.210.67,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:20:25,End Time: 2020-12-16 06:20:34,Occurrences: 3,Application: C:/Users/testuser23/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser6,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST661320,Local Host IP: 192.73.188.24,Local Port: 60779,Local Host MAC: 00BB606F2FCF,Remote 
Host IP: 192.73.188.24,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:20:30,End Time: 2020-12-16 06:20:39,Occurrences: 3,Application: C:/Users/testuser53/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser12,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST263170,Local Host IP: 10.45.121.72,Local Port: 60780,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.45.121.72,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:20:31,End Time: 2020-12-16 06:20:40,Occurrences: 3,Application: C:/Users/testuser67/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser51,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST407310,Local Host IP: 10.134.128.151,Local Port: 60781,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.134.128.151,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:20:46,End Time: 2020-12-16 06:20:55,Occurrences: 3,Application: C:/Users/testuser51/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser33,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST623916,Local Host IP: 172.171.226.37,Local Port: 60783,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.171.226.37,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 
2020-12-16 06:20:51,End Time: 2020-12-16 06:21:00,Occurrences: 3,Application: C:/Users/testuser49/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser40,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST127837,Local Host IP: 192.90.64.227,Local Port: 60784,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.90.64.227,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:20:52,End Time: 2020-12-16 06:21:01,Occurrences: 3,Application: C:/Users/testuser95/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser2,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST693103,Local Host IP: 10.25.36.119,Local Port: 60786,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.25.36.119,Remote Host Name: www.google-analytics.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:21:07,End Time: 2020-12-16 06:21:10,Occurrences: 2,Application: C:/Users/testuser64/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser32,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST555526,Local Host IP: 172.65.61.189,Local Port: 60787,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.65.61.189,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:21:12,End Time: 2020-12-16 06:21:21,Occurrences: 3,Application: 
C:/Users/testuser37/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser17,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST692927,Local Host IP: 192.199.172.41,Local Port: 60788,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.199.172.41,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:21:13,End Time: 2020-12-16 06:21:22,Occurrences: 3,Application: C:/Users/testuser53/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser17,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST288880,Local Host IP: 10.63.91.248,Local Port: 60791,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.63.91.248,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:21:33,End Time: 2020-12-16 06:21:42,Occurrences: 3,Application: C:/Users/testuser21/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser4,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST370628,Local Host IP: 192.245.217.83,Local Port: 60792,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.245.217.83,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:21:34,End Time: 2020-12-16 06:21:43,Occurrences: 3,Application: C:/Users/testuser19/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User 
Name: testuser12,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST747192,Local Host IP: 10.197.23.225,Local Port: 60795,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.197.23.225,Remote Host Name: www.google-analytics.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:21:54,End Time: 2020-12-16 06:21:57,Occurrences: 2,Application: C:/Users/testuser98/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser76,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST862299,Local Host IP: 172.172.239.252,Local Port: 60796,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.172.239.252,Remote Host Name: www.google-analytics.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:21:55,End Time: 2020-12-16 06:21:58,Occurrences: 2,Application: C:/Users/testuser10/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser42,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST266440,Local Host IP: 192.70.210.113,Local Port: 60797,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.70.210.113,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:22:06,End Time: 2020-12-16 06:22:15,Occurrences: 3,Application: C:/Users/testuser61/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser82,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: 
A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST953255,Local Host IP: 172.46.140.189,Local Port: 60798,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.46.140.189,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:22:07,End Time: 2020-12-16 06:22:16,Occurrences: 3,Application: C:/Users/testuser78/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser15,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST569440,Local Host IP: 172.252.14.201,Local Port: 60800,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.252.14.201,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:22:27,End Time: 2020-12-16 06:22:36,Occurrences: 3,Application: C:/Users/testuser68/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser61,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST510580,Local Host IP: 192.132.232.232,Local Port: 60801,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.132.232.232,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:22:28,End Time: 2020-12-16 06:22:37,Occurrences: 3,Application: C:/Users/testuser10/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser17,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST290550,Local Host IP: 10.48.255.74,Local Port: 60803,Local Host MAC: 
00BB606F2FCF,Remote Host IP: 10.48.255.74,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:22:48,End Time: 2020-12-16 06:22:57,Occurrences: 3,Application: C:/Users/testuser69/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser96,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST212776,Local Host IP: 192.227.33.46,Local Port: 60804,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.227.33.46,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:22:49,End Time: 2020-12-16 06:22:58,Occurrences: 3,Application: C:/Users/testuser12/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser53,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST630469,Local Host IP: 10.53.120.199,Local Port: 60806,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.53.120.199,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:22:54,End Time: 2020-12-16 06:23:03,Occurrences: 3,Application: C:/Users/testuser67/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser22,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST308059,Local Host IP: 172.195.243.228,Local Port: 60810,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.195.243.228,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 
34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 06:23:09,End Time: 2020-12-16 06:23:18,Occurrences: 3,Application: C:/Users/testuser71/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser63,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST978361,Local Host IP: 10.71.102.149,Local Port: 60310,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.71.102.149,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:53:23,End Time: 2020-12-16 05:53:32,Occurrences: 3,Application: C:/Users/testuser8/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser38,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST515626,Local Host IP: 192.157.176.215,Local Port: 60311,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.157.176.215,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:53:23,End Time: 2020-12-16 05:53:32,Occurrences: 3,Application: C:/Users/testuser19/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser75,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST481835,Local Host IP: 172.250.219.88,Local Port: 60314,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.250.219.88,Remote Host Name: apis.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:53:40,End Time: 2020-12-16 05:53:49,Occurrences: 3,Application: 
C:/Users/testuser88/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser70,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST163173,Local Host IP: 172.67.230.137,Local Port: 60319,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.67.230.137,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:53:44,End Time: 2020-12-16 05:53:53,Occurrences: 3,Application: C:/Users/testuser12/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser28,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST734417,Local Host IP: 172.61.170.123,Local Port: 60320,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.61.170.123,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:53:44,End Time: 2020-12-16 05:53:53,Occurrences: 3,Application: C:/Users/testuser27/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser14,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST774600,Local Host IP: 172.250.129.24,Local Port: 60321,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.250.129.24,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:54:01,End Time: 2020-12-16 05:54:10,Occurrences: 3,Application: C:/Users/testuser95/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: 
Unknown,User Name: testuser22,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST102958,Local Host IP: 172.22.233.45,Local Port: 60322,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.22.233.45,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:54:05,End Time: 2020-12-16 05:54:14,Occurrences: 3,Application: C:/Users/testuser45/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser16,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST818885,Local Host IP: 172.182.245.32,Local Port: 60323,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.182.245.32,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:54:05,End Time: 2020-12-16 05:54:14,Occurrences: 3,Application: C:/Users/testuser4/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser47,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST831491,Local Host IP: 172.178.149.169,Local Port: 60325,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.178.149.169,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:54:17,End Time: 2020-12-16 05:54:26,Occurrences: 3,Application: C:/Users/testuser89/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser87,Domain Name: ABC,Action: Blocked,SHA-256: 
9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST731312,Local Host IP: 172.211.142.239,Local Port: 60326,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.211.142.239,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:54:22,End Time: 2020-12-16 05:54:31,Occurrences: 3,Application: C:/Users/testuser90/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser92,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST220345,Local Host IP: 172.67.240.184,Local Port: 60327,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.67.240.184,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:54:26,End Time: 2020-12-16 05:54:29,Occurrences: 2,Application: C:/Users/testuser28/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser63,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST388790,Local Host IP: 192.158.51.134,Local Port: 60328,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.158.51.134,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:54:26,End Time: 2020-12-16 05:54:35,Occurrences: 3,Application: C:/Users/testuser68/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser81,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST203898,Local Host IP: 
192.20.188.140,Local Port: 60329,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.20.188.140,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:54:30,End Time: 2020-12-16 05:54:39,Occurrences: 3,Application: C:/Users/testuser16/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser57,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0007 HOST524356,Local Host IP: 172.146.7.255,Local Port: 60332,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.146.7.255,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:54:38,End Time: 2020-12-16 05:54:47,Occurrences: 3,Application: C:/Users/testuser30/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser41,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST394404,Local Host IP: 192.123.103.72,Local Port: 60334,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.123.103.72,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:54:43,End Time: 2020-12-16 05:54:52,Occurrences: 3,Application: C:/Users/testuser80/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser55,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST398951,Local Host IP: 10.37.86.90,Local Port: 60338,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.37.86.90,Remote Host Name: android.clients.google.com,Remote Port: 
443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:54:47,End Time: 2020-12-16 05:54:56,Occurrences: 3,Application: C:/Users/testuser8/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser50,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST706502,Local Host IP: 192.55.154.216,Local Port: 60340,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.55.154.216,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:54:51,End Time: 2020-12-16 05:55:00,Occurrences: 3,Application: C:/Users/testuser88/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser71,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST949543,Local Host IP: 172.173.205.48,Local Port: 60341,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.173.205.48,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:54:59,End Time: 2020-12-16 05:55:08,Occurrences: 3,Application: C:/Users/testuser68/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser6,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST162849,Local Host IP: 172.191.55.185,Local Port: 60342,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.191.55.185,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:55:04,End Time: 2020-12-16 05:55:13,Occurrences: 3,Application: 
C:/Users/testuser24/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser70,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST374816,Local Host IP: 192.64.120.47,Local Port: 60343,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.64.120.47,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:55:06,End Time: 2020-12-16 05:55:15,Occurrences: 3,Application: C:/Users/testuser90/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser46,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST176492,Local Host IP: 172.4.32.64,Local Port: 60344,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.4.32.64,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:55:06,End Time: 2020-12-16 05:55:15,Occurrences: 3,Application: C:/Users/testuser31/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser73,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST448563,Local Host IP: 10.170.223.82,Local Port: 60345,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.170.223.82,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:55:08,End Time: 2020-12-16 05:55:17,Occurrences: 3,Application: C:/Users/testuser49/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: 
Unknown,User Name: testuser29,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST290406,Local Host IP: 192.189.47.189,Local Port: 60347,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.189.47.189,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:55:12,End Time: 2020-12-16 05:55:21,Occurrences: 3,Application: C:/Users/testuser14/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser19,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST663381,Local Host IP: 172.167.26.47,Local Port: 60350,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.167.26.47,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:55:20,End Time: 2020-12-16 05:55:29,Occurrences: 3,Application: C:/Users/testuser67/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser66,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST619897,Local Host IP: 172.252.85.174,Local Port: 60351,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.252.85.174,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:55:25,End Time: 2020-12-16 05:55:34,Occurrences: 3,Application: C:/Users/testuser26/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser39,Domain Name: ABC,Action: Blocked,SHA-256: 
9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST124622,Local Host IP: 10.119.79.107,Local Port: 60355,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.119.79.107,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:55:29,End Time: 2020-12-16 05:55:32,Occurrences: 2,Application: C:/Users/testuser7/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser26,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST483909,Local Host IP: 10.142.20.49,Local Port: 60352,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.142.20.49,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:55:27,End Time: 2020-12-16 05:55:36,Occurrences: 3,Application: C:/Users/testuser93/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser43,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST103767,Local Host IP: 172.148.91.103,Local Port: 60353,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.148.91.103,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:55:27,End Time: 2020-12-16 05:55:36,Occurrences: 3,Application: C:/Users/testuser41/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser20,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 
HOST502510,Local Host IP: 10.235.129.36,Local Port: 60356,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.235.129.36,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:55:33,End Time: 2020-12-16 05:55:42,Occurrences: 3,Application: C:/Users/testuser48/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser41,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST632940,Local Host IP: 172.177.142.48,Local Port: 60358,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.177.142.48,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:55:40,End Time: 2020-12-16 05:55:49,Occurrences: 3,Application: C:/Users/testuser80/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser56,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST669558,Local Host IP: 172.207.80.152,Local Port: 60359,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.207.80.152,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:55:40,End Time: 2020-12-16 05:55:49,Occurrences: 3,Application: C:/Users/testuser83/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser61,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST760982,Local Host IP: 172.144.135.18,Local Port: 60360,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.144.135.18,Remote 
Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:55:40,End Time: 2020-12-16 05:55:49,Occurrences: 3,Application: C:/Users/testuser98/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser26,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST645597,Local Host IP: 192.101.203.230,Local Port: 60361,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.101.203.230,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:55:40,End Time: 2020-12-16 05:55:49,Occurrences: 3,Application: C:/Users/testuser57/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser44,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST846315,Local Host IP: 172.248.41.100,Local Port: 60362,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.248.41.100,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:55:41,End Time: 2020-12-16 05:55:50,Occurrences: 3,Application: C:/Users/testuser78/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser78,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST679434,Local Host IP: 192.129.82.184,Local Port: 60363,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.129.82.184,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 
05:55:46,End Time: 2020-12-16 05:55:55,Occurrences: 3,Application: C:/Users/testuser77/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser6,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST551633,Local Host IP: 192.59.133.53,Local Port: 60364,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.59.133.53,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:55:54,End Time: 2020-12-16 05:56:03,Occurrences: 3,Application: C:/Users/testuser12/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser51,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST847932,Local Host IP: 172.26.39.32,Local Port: 60365,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.26.39.32,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:01,End Time: 2020-12-16 05:56:10,Occurrences: 3,Application: C:/Users/testuser67/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser86,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST173376,Local Host IP: 172.79.253.157,Local Port: 60366,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.79.253.157,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:01,End Time: 2020-12-16 05:56:10,Occurrences: 3,Application: 
C:/Users/testuser54/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser59,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST503472,Local Host IP: 172.176.78.27,Local Port: 60367,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.176.78.27,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:01,End Time: 2020-12-16 05:56:10,Occurrences: 3,Application: C:/Users/testuser22/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser31,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST222188,Local Host IP: 192.178.221.92,Local Port: 60368,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.178.221.92,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:01,End Time: 2020-12-16 05:56:10,Occurrences: 3,Application: C:/Users/testuser68/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser83,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST610912,Local Host IP: 192.61.213.130,Local Port: 60372,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.61.213.130,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:07,End Time: 2020-12-16 05:56:10,Occurrences: 2,Application: C:/Users/testuser50/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: 
Unknown,User Name: testuser39,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST794929,Local Host IP: 172.35.83.225,Local Port: 60369,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.35.83.225,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:02,End Time: 2020-12-16 05:56:11,Occurrences: 3,Application: C:/Users/testuser8/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser69,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST229456,Local Host IP: 10.219.18.151,Local Port: 60370,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.219.18.151,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:02,End Time: 2020-12-16 05:56:11,Occurrences: 3,Application: C:/Users/testuser96/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser6,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST548460,Local Host IP: 10.106.250.17,Local Port: 60371,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.106.250.17,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:02,End Time: 2020-12-16 05:56:11,Occurrences: 3,Application: C:/Users/testuser50/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser78,Domain Name: ABC,Action: Blocked,SHA-256: 
9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST275070,Local Host IP: 10.175.82.246,Local Port: 60374,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.175.82.246,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:15,End Time: 2020-12-16 05:56:24,Occurrences: 3,Application: C:/Users/testuser47/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser14,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST423989,Local Host IP: 172.176.109.125,Local Port: 60376,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.176.109.125,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:23,End Time: 2020-12-16 05:56:32,Occurrences: 3,Application: C:/Users/testuser56/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser85,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST689225,Local Host IP: 192.35.53.194,Local Port: 60377,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.35.53.194,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:23,End Time: 2020-12-16 05:56:32,Occurrences: 3,Application: C:/Users/testuser72/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser75,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 
HOST271682,Local Host IP: 172.7.22.131,Local Port: 60378,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.7.22.131,Remote Host Name: browser-notifications.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:23,End Time: 2020-12-16 05:56:32,Occurrences: 3,Application: C:/Users/testuser97/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser75,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST726122,Local Host IP: 172.101.209.156,Local Port: 60379,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.101.209.156,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:36,End Time: 2020-12-16 05:56:45,Occurrences: 3,Application: C:/Users/testuser92/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser89,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST133580,Local Host IP: 172.169.239.69,Local Port: 60380,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.169.239.69,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:43,End Time: 2020-12-16 05:56:52,Occurrences: 3,Application: C:/Users/testuser32/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser38,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST982661,Local Host IP: 10.226.62.240,Local Port: 60381,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.226.62.240,Remote Host 
Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:44,End Time: 2020-12-16 05:56:53,Occurrences: 3,Application: C:/Users/testuser9/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser33,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST347556,Local Host IP: 172.163.74.67,Local Port: 60382,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.163.74.67,Remote Host Name: gcfunion.com,Remote Port: 80,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:46,End Time: 2020-12-16 05:56:55,Occurrences: 3,Application: C:/Users/testuser78/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser72,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST366512,Local Host IP: 172.74.216.190,Local Port: 60383,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.74.216.190,Remote Host Name: gcfunion.com,Remote Port: 80,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:46,End Time: 2020-12-16 05:56:55,Occurrences: 3,Application: C:/Users/testuser14/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser79,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST711939,Local Host IP: 10.184.104.126,Local Port: 60384,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.184.104.126,Remote Host Name: weather.opera-api.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:46,End Time: 2020-12-16 05:56:55,Occurrences: 
3,Application: C:/Users/testuser67/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser76,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST339003,Local Host IP: 192.146.248.250,Local Port: 60385,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.146.248.250,Remote Host Name: weather.opera-api.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:47,End Time: 2020-12-16 05:56:56,Occurrences: 3,Application: C:/Users/testuser25/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser26,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST825135,Local Host IP: 172.7.149.241,Local Port: 60386,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.7.149.241,Remote Host Name: gcfunion.com,Remote Port: 80,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:47,End Time: 2020-12-16 05:56:56,Occurrences: 3,Application: C:/Users/testuser45/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser25,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST660639,Local Host IP: 172.64.168.165,Local Port: 60389,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.64.168.165,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:56:57,End Time: 2020-12-16 05:57:06,Occurrences: 3,Application: C:/Users/testuser20/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User 
Name: testuser29,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST529107,Local Host IP: 172.139.6.183,Local Port: 60390,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.139.6.183,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:57:04,End Time: 2020-12-16 05:57:13,Occurrences: 3,Application: C:/Users/testuser42/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser22,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST690622,Local Host IP: 192.31.122.163,Local Port: 60391,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.31.122.163,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:57:05,End Time: 2020-12-16 05:57:14,Occurrences: 3,Application: C:/Users/testuser10/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser39,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST970701,Local Host IP: 172.96.235.164,Local Port: 60392,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.96.235.164,Remote Host Name: weather.opera-api.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:57:08,End Time: 2020-12-16 05:57:17,Occurrences: 3,Application: C:/Users/testuser88/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser82,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 
+SERVER0003 HOST983419,Local Host IP: 10.72.179.20,Local Port: 60393,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.72.179.20,Remote Host Name: weather.opera-api.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:57:08,End Time: 2020-12-16 05:57:17,Occurrences: 3,Application: C:/Users/testuser19/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser83,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST813740,Local Host IP: 10.130.4.67,Local Port: 60397,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.130.4.67,Remote Host Name: play.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:57:18,End Time: 2020-12-16 05:57:27,Occurrences: 3,Application: C:/Users/testuser64/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser44,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST639904,Local Host IP: 172.54.175.230,Local Port: 60398,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.54.175.230,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:57:25,End Time: 2020-12-16 05:57:34,Occurrences: 3,Application: C:/Users/testuser54/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser90,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST388528,Local Host IP: 172.79.251.25,Local Port: 60399,Local Host MAC: 00BB606F2FCF,Remote Host IP: 172.79.251.25,Remote Host Name: 
android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:57:26,End Time: 2020-12-16 05:57:35,Occurrences: 3,Application: C:/Users/testuser4/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser94,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST384022,Local Host IP: 192.10.8.60,Local Port: 60400,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.10.8.60,Remote Host Name: auth.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:57:29,End Time: 2020-12-16 05:57:38,Occurrences: 3,Application: C:/Users/testuser37/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser5,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST642888,Local Host IP: 192.76.33.85,Local Port: 60401,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.76.33.85,Remote Host Name: auth.opera.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:57:29,End Time: 2020-12-16 05:57:38,Occurrences: 3,Application: C:/Users/testuser66/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser7,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST157034,Local Host IP: 10.81.241.230,Local Port: 60402,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.81.241.230,Remote Host Name: desktop-assistant-sub.osp.opera.software,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:57:29,End Time: 2020-12-16 05:57:38,Occurrences: 
3,Application: C:/Users/testuser29/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser91,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST803242,Local Host IP: 192.74.214.180,Local Port: 60403,Local Host MAC: 00BB606F2FCF,Remote Host IP: 192.74.214.180,Remote Host Name: desktop-assistant-sub.osp.opera.software,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:57:29,End Time: 2020-12-16 05:57:38,Occurrences: 3,Application: C:/Users/testuser73/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser15,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST732966,Local Host IP: 10.32.109.56,Local Port: 60410,Local Host MAC: 00BB606F2FCF,Remote Host IP: 10.32.109.56,Remote Host Name: android.clients.google.com,Remote Port: 443,Remote Host MAC: 34DB9CEA30C7,TCP,Outbound,Begin: 2020-12-16 05:57:39,End Time: 2020-12-16 05:57:48,Occurrences: 3,Application: C:/Users/testuser81/AppData/Local/Programs/Opera/72.0.3815.400/opera.exe,Rule: Block Known Unapproved Applications,Location: Unknown,User Name: testuser14,Domain Name: ABC,Action: Blocked,SHA-256: 9c5414d40935612f99b47638e8f0fdfe1edf214d6fa3b05043411947d1e16693,MD-5: A1A4616DFC2B58B3BE64A918974876F0 +SERVER0003 HOST467565,10.146.185.22,Blocked,[AC9-1.1] Block access to autorun.inf - Caller MD5=47ea9e07b7dbfbeba368bd95a3a2d25b,File Read,Begin: 2020-12-15 15:17:45,End Time: 2020-12-15 15:18:18,Rule: Explorer | [AC9-1.1] Autorun.inf,33904,C:/Windows/explorer.exe,0,No Module Name,D:/autorun.inf,User Name: testuser,HOST467565,Domain Name: ABC,Action Type: ,File size (bytes): 0,Device ID: 
USBSTOR\Disk&Ven_Kingston&Prod_DataTraveler_3.0&Rev_PMAP\60A44C3FAC7DE26099720C19&0 +SERVER0003 HOST702377,10.14.223.54,Blocked,[AC9-1.1] Block access to autorun.inf - Caller MD5=47ea9e07b7dbfbeba368bd95a3a2d25b,File Read,Begin: 2020-12-15 15:20:02,End Time: 2020-12-15 15:20:50,Rule: Explorer | [AC9-1.1] Autorun.inf,33904,C:/Windows/explorer.exe,0,No Module Name,D:/autorun.inf,User Name: testuser,HOST702377,Domain Name: ABC,Action Type: ,File size (bytes): 0,Device ID: USBSTOR\Disk&Ven_Kingston&Prod_DataTraveler_3.0&Rev_PMAP\60A44C3FAC7DE26099720C19&0 +SERVER0003 HOST946764,172.89.99.46,Blocked,[AC9-1.1] Block access to autorun.inf - Caller MD5=47ea9e07b7dbfbeba368bd95a3a2d25b,File Read,Begin: 2020-12-15 15:30:44,End Time: 2020-12-15 15:32:33,Rule: Explorer | [AC9-1.1] Autorun.inf,33904,C:/Windows/explorer.exe,0,No Module Name,D:/autorun.inf,User Name: testuser,HOST946764,Domain Name: ABC,Action Type: ,File size (bytes): 0,Device ID: USBSTOR\Disk&Ven_Kingston&Prod_DataTraveler_3.0&Rev_PMAP\60A44C3FAC7DE26099720C19&0 +SERVER0003 HOST879523,172.176.166.68,Blocked,[AC9-1.1] Block access to autorun.inf - Caller MD5=47ea9e07b7dbfbeba368bd95a3a2d25b,File Read,Begin: 2020-12-15 15:33:49,End Time: 2020-12-15 15:34:13,Rule: Explorer | [AC9-1.1] Autorun.inf,33904,C:/Windows/explorer.exe,0,No Module Name,D:/autorun.inf,User Name: testuser,HOST879523,Domain Name: ABC,Action Type: ,File size (bytes): 0,Device ID: USBSTOR\Disk&Ven_Kingston&Prod_DataTraveler_3.0&Rev_PMAP\60A44C3FAC7DE26099720C19&0 +SERVER0003 HOST150094,10.209.217.25,Blocked,[AC9-1.1] Block access to autorun.inf - Caller MD5=e1cb52c97c27f702cc96cf886b67fb8b,File Read,Begin: 2020-12-15 14:07:44,End Time: 2020-12-15 14:07:44,Rule: Explorer | [AC9-1.1] Autorun.inf,8836,C:/Windows/explorer.exe,0,No Module Name,D:/autorun.inf,User Name: testuser,HOST150094,Domain Name: ABC,Action Type: ,File size (bytes): 0,Device ID: USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\7B602D85&0 +SERVER0007 HOST871426,Event 
Description: Host Integrity check passed Requirement: 'Download and update test' passed Requirement: 'Check restart status and notify user to restart' passed Requirement: 'Fix Malfunctioning devices' passed Requirement: 'Check client version and upgrade if required' passed ,Local Host IP: 10.4.39.156,Local Host MAC: EC8EB59C80CE,Remote Host Name: ,Remote Host IP: 10.4.39.156,Remote Host MAC: 000000000000,Unknown,OTHERS,,Begin: 2020-12-15 16:02:02,End Time: 2020-12-15 16:02:02,Occurrences: 1,Application: ,Location: Default,User Name: testuser,HOST871426,Domain Name: ABC,Local Port: 0,Remote Port: 0,CIDS Signature ID: 0,CIDS Signature string: ,CIDS Signature SubID: 0,Intrusion URL: ,Intrusion Payload URL: ,SHA-256: ,MD-5: +SERVER0007 HOST728832,Event Description: Host Integrity check passed Requirement: 'Download and update test' passed Requirement: 'Check restart status and notify user to restart' passed Requirement: 'Fix Malfunctioning devices' passed Requirement: 'Check client version and upgrade if required' passed ,Local Host IP: 172.121.8.238,Local Host MAC: 00059A3C7A00,Remote Host Name: ,Remote Host IP: 172.121.8.238,Remote Host MAC: 000000000000,Unknown,OTHERS,,Begin: 2020-12-15 16:01:45,End Time: 2020-12-15 16:01:45,Occurrences: 1,Application: ,Location: ON NET,User Name: testuser,HOST728832,Domain Name: ABC,Local Port: 0,Remote Port: 0,CIDS Signature ID: 0,CIDS Signature string: ,CIDS Signature SubID: 0,Intrusion URL: ,Intrusion Payload URL: ,SHA-256: ,MD-5: +SERVER0007 HOST869457,Event Description: Host Integrity check passed Requirement: 'Download and update test' passed Requirement: 'Check restart status and notify user to restart' passed Requirement: 'Fix Malfunctioning devices' passed Requirement: 'Check client version and upgrade if required' passed ,Local Host IP: 192.50.95.181,Local Host MAC: 00059A3C7A00,Remote Host Name: ,Remote Host IP: 192.50.95.181,Remote Host MAC: 000000000000,Unknown,OTHERS,,Begin: 2020-12-15 16:02:24,End Time: 2020-12-15 
16:02:24,Occurrences: 1,Application: ,Location: ON NET,User Name: testuser,HOST869457,Domain Name: ABC,Local Port: 0,Remote Port: 0,CIDS Signature ID: 0,CIDS Signature string: ,CIDS Signature SubID: 0,Intrusion URL: ,Intrusion Payload URL: ,SHA-256: ,MD-5: +SERVER0007 HOST632406,Event Description: Host Integrity check passed Requirement: 'Download and update test' passed Requirement: 'Check restart status and notify user to restart' passed Requirement: 'Fix Malfunctioning devices' passed Requirement: 'Check client version and upgrade if required' passed ,Local Host IP: 192.204.150.225,Local Host MAC: 00059A3C7A00,Remote Host Name: ,Remote Host IP: 192.204.150.225,Remote Host MAC: 000000000000,Unknown,OTHERS,,Begin: 2020-12-15 16:15:08,End Time: 2020-12-15 16:15:08,Occurrences: 1,Application: ,Location: ON NET,User Name: testuser,HOST632406,Domain Name: ABC,Local Port: 0,Remote Port: 0,CIDS Signature ID: 0,CIDS Signature string: ,CIDS Signature SubID: 0,Intrusion URL: ,Intrusion Payload URL: ,SHA-256: ,MD-5: +SERVER0007 HOST237820,Event Description: Host Integrity check passed Requirement: 'Download and update test' passed Requirement: 'Check restart status and notify user to restart' passed Requirement: 'Fix Malfunctioning devices' passed Requirement: 'Check client version and upgrade if required' passed ,Local Host IP: 10.229.194.143,Local Host MAC: 00059A3C7A00,Remote Host Name: ,Remote Host IP: 10.229.194.143,Remote Host MAC: 000000000000,Unknown,OTHERS,,Begin: 2020-12-15 16:01:54,End Time: 2020-12-15 16:01:54,Occurrences: 1,Application: ,Location: ON NET,User Name: testuser,HOST237820,Domain Name: ABC,Local Port: 0,Remote Port: 0,CIDS Signature ID: 0,CIDS Signature string: ,CIDS Signature SubID: 0,Intrusion URL: ,Intrusion Payload URL: ,SHA-256: ,MD-5: +SERVER0007 HOST286206,Event Description: Host Integrity check passed Requirement: 'Download and update test' passed Requirement: 'Check restart status and notify user to restart' passed Requirement: 'Fix 
Malfunctioning devices' passed Requirement: 'Check client version and upgrade if required' passed ,Local Host IP: 172.146.220.247,Local Host MAC: 00059A3C7A00,Remote Host Name: ,Remote Host IP: 172.146.220.247,Remote Host MAC: 000000000000,Unknown,OTHERS,,Begin: 2020-12-15 16:21:55,End Time: 2020-12-15 16:21:55,Occurrences: 1,Application: ,Location: ON NET,User Name: testuser,HOST286206,Domain Name: ABC,Local Port: 0,Remote Port: 0,CIDS Signature ID: 0,CIDS Signature string: ,CIDS Signature SubID: 0,Intrusion URL: ,Intrusion Payload URL: ,SHA-256: ,MD-5: +SERVER0007 HOST109069,Event Description: Host Integrity check passed Requirement: 'Download and update test' passed Requirement: 'Check restart status and notify user to restart' passed Requirement: 'Fix Malfunctioning devices' passed Requirement: 'Check client version and upgrade if required' passed ,Local Host IP: 10.36.236.48,Local Host MAC: 00059A3C7A00,Remote Host Name: ,Remote Host IP: 10.36.236.48,Remote Host MAC: 000000000000,Unknown,OTHERS,,Begin: 2020-12-15 16:21:48,End Time: 2020-12-15 16:21:48,Occurrences: 1,Application: ,Location: ON NET,User Name: testuser,HOST109069,Domain Name: ABC,Local Port: 0,Remote Port: 0,CIDS Signature ID: 0,CIDS Signature string: ,CIDS Signature SubID: 0,Intrusion URL: ,Intrusion Payload URL: ,SHA-256: ,MD-5: +SERVER0007 Site: TEST_SITE,Server Name: SERVER0003,Event Description: Unexpected server error. +SERVER0007 Site: TEST_SITE,Server Name: SERVER0003,Event Description: Unexpected server error. +SERVER0007 Site: TEST_SITE,Server Name: SERVER0003,Event Description: Unexpected server error. +SERVER0007 Site: TEST_SITE,Server Name: SERVER0003,Event Description: Unexpected server error. +SERVER0007 Site: TEST_SITE,Server Name: SERVER0003,Event Description: Unexpected server error. +SERVER0007 Site: TEST_SITE,Server Name: SERVER0003,Event Description: Unexpected server error. +SERVER0007 Site: TEST_SITE,Server Name: SERVER0003,Event Description: Unexpected server error. 
+SERVER0007 Site: TEST_SITE,Server Name: SERVER0004,Event Description: Unexpected server error.
\ No newline at end of file
diff --git a/Tools/Syslog-cef-data-replicator/Sample Data/SymantecProxySGSyslogRaw.log b/Tools/Syslog-cef-data-replicator/Sample Data/SymantecProxySGSyslogRaw.log
new file mode 100644
index 00000000000..c70e51967f3
--- /dev/null
+++ b/Tools/Syslog-cef-data-replicator/Sample Data/SymantecProxySGSyslogRaw.log
@@ -0,0 +1,443 @@ +datasource :2020-05-02 02:12:12 1 172.888.180.243 - - - OBSERVED "Web Infrastructure" - 200 TCP_HIT GET application/vnd.ms-cab-compressed http download.windowsupdate.com 80 /d/msdownload/update/others/2020/05/31668421_bca444be2d06fa02bdb80b9df77f254f50b06a65.cab - cab "Windows-Update-Agent" 172.88.888.2 7546 250 - "Microsoft Update" "Update Software" 80 United%20States 1 +datasource :2020-05-02 02:12:00 177757 172.92.222.141 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6625 1415 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 02:11:55 1455 172.164.80.167 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 174606 961 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:11:50 48 172.34.9.152 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.92.250.3 9440 / - - "Java/1.8.0_191" 172.88.888.2 3976 1000 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-02 02:11:48 840 172.999.252.58 user1 - - OBSERVED "WhiteList Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp update.googleapis.com 443 / - - - 172.88.888.2 4725 2060 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 02:11:45 87666 172.12.139.80 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 7001 2406 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:11:44 1 172.888.153.230 - - - OBSERVED "Web Infrastructure" - 200 TCP_HIT GET application/vnd.ms-cab-compressed http download.windowsupdate.com 80 /d/msdownload/update/others/2020/05/31668421_bca444be2d06fa02bdb80b9df77f254f50b06a65.cab - cab "Windows-Update-Agent" 172.88.888.2 7546 250 - "Microsoft Update" "Update Software" 80 United%20States 1 
+datasource :2020-05-02 02:11:41 6 172.166.72.90 - - - OBSERVED "Web Infrastructure" - 304 TCP_MISS GET application/vnd.ms-cab-compressed http ctldl.windowsupdate.com 80 /msdownload/update/v3/static/dataedr/en/disallowedcertstl.cab ?6143c48198b11083 cab "Microsoft-CryptoAPI/6.1" 172.88.888.2 379 322 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-02 02:11:40 100206 172.48.140.43 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6509 1087 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 02:11:38 3 172.888.54.11 - - - OBSERVED "Web Infrastructure" - 206 TCP_HIT GET application/octet-stream http download.windowsupdate.com 80 /d/msdownload/update/software/defu/2020/05/am_delta_patch_1.313.2734.0_e38ac8744b0322bae706aa231908f7ca92197b7e.exe - exe "Microsoft BITS/7.5" 172.88.888.2 142951 381 - "Microsoft Update" "Update Software" 80 United%20States 1 +datasource :2020-05-02 02:11:34 1 172.168.201.155 - - - OBSERVED "Web Infrastructure" - 200 TCP_HIT GET application/vnd.ms-cab-compressed http download.windowsupdate.com 80 /d/msdownload/update/others/2020/05/31668454_909950bb587e347ea023ae912fe156ba9359aaf7.cab - cab "Windows-Update-Agent" 172.88.888.2 8814 250 - "Microsoft Update" "Update Software" 80 United%20States 1 +datasource :2020-05-02 02:11:31 4 172.172.105.140 - - - OBSERVED "Web Infrastructure" - 200 TCP_NC_MISS HEAD application/vnd.ms-cab-compressed http ds.download.windowsupdate.com 80 /v11/2/microsoftupdate/redir/v6-muredir.cab ?2005020211 cab "Windows-Update-Agent" 172.88.888.2 642 222 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-02 02:11:30 350 172.51.192.45 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp settings-win.data.microsoft.com 443 / - - - 172.88.888.2 26342 1392 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 
02:11:29 1 172.888.223.227 - - - OBSERVED "Web Infrastructure" - 206 TCP_HIT GET application/octet-stream http download.windowsupdate.com 80 /d/msdownload/update/software/defu/2020/05/am_delta_patch_1.313.2734.0_e38ac8744b0322bae706aa231908f7ca92197b7e.exe - exe "Microsoft BITS/7.5" 172.88.888.2 10636 379 - "Microsoft Update" "Update Software" 80 United%20States 1 +datasource :2020-05-02 02:11:25 109957 172.999.209.105 user3 - - OBSERVED "WhiteList Search Engines/Portals" - 200 TCP_TUNNELED CONNECT - tcp www.google.com 443 / - - "Mozilla/5.0 (Windows NT 172.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.88863" 172.88.888.2 1364 2787 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 02:11:20 126303 172.188.1.89 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 4321 425 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:10:45 959947 172.888.40.89 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 63919 572733 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:10:36 126307 172.888.54.56 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5414 2391 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:10:32 31456 172.70.66.117 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 8152 3285 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:10:29 201 172.34.14.141 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.34.250.79 9440 / - - "Java/1.8.0_191" 172.88.888.2 3492 1189 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-02 
02:10:27 350 172.34.25.142 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 462957 679 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:10:21 2 172.172.106.193 - - - OBSERVED "Web Infrastructure" - 206 TCP_HIT GET application/octet-stream http download.windowsupdate.com 80 /d/msdownload/update/software/defu/2020/05/am_delta_patch_1.313.2734.0_e38ac8744b0322bae706aa231908f7ca92197b7e.exe - exe "Microsoft BITS/7.5" 172.88.888.2 100649 381 - "Microsoft Update" "Update Software" 80 United%20States 1 +datasource :2020-05-02 02:10:21 31880 172.148.64.54 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7738 2621 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:10:18 347 172.999.209.142 user84 - - OBSERVED "doNotCache skipAntiVirus WhiteList Online Meetings" - 200 TCP_TUNNELED CONNECT - tcp tsa.webex.com 443 / - - "Mozilla/5.0 (Windows NT 172.0 WOW64 Trident/7.0 rv:11.0) like Gecko" 172.88.888.2 7955 2159 - "Cisco WebEx" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:09:35 2045529 172.888.214.31 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 44094 361467 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:09:31 30991 172.14.94.119 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7939 3940 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:09:27 122596 172.888.175.162 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5414 2391 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:09:21 260 
172.92.250.48 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.34.40.10 9440 / - - - 172.88.888.2 6545 4719 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-02 02:09:20 7408 172.888.204.133 user28 - - OBSERVED "WhiteList samplewhitelist Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp ntnew.service-now.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 13142 3508 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:09:17 100201 172.888.187.74 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6509 1055 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 02:08:56 723 172.124.49.120 - - - OBSERVED "DoNotSpeedBump WhiteList samplewhitelist Finance" - 200 TCP_TUNNELED CONNECT - tcp www.sampledata.com 443 / - - "Autn-WKOOP" 172.88.888.2 7745 2955 - "none" "none" 443 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:08:54 1495 172.92.62.15 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp api.loganalytics.io 443 / - - "Apache-HttpClient/4.5.9 (Java/1.8.0_252)" 172.88.888.2 6405 2344 - "none" "none" 80 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-02 02:08:53 118058 172.14.122.38 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 12894 98683 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:08:48 121 172.888.77.173 user5 - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp sync.outbrain.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 WOW64 Trident/7.0 rv:11.0) like Gecko" 172.88.888.2 3801 1185 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 3 +datasource :2020-05-02 02:08:31 30674 172.154.52.129 - - - OBSERVED "doNotAuth 
Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7910 3639 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:08:29 1037 172.149.40.160 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 26639 963 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:08:23 7964 172.888.144.159 user26 - - OBSERVED "DoNotSpeedBump WhiteList samplewhitelist Finance" - 200 TCP_TUNNELED CONNECT - tcp www.sampledata.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 WOW64 Trident/7.0 rv:11.0) like Gecko" 172.88.888.2 22409 10424 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:07:56 51 172.34.250.118 - - - OBSERVED "Technology/Internet" - 200 TCP_NC_MISS GET text/plain %20charset=utf-8 http s.3gl.net 80 /hawkscheduleserver/sn.ashx ?a=q&mgd=0-6%2c3-6%2c1-6%2c4-6&f=3&v=45 ashx "Mozilla/4.0 (compatible Catchpoint)" 172.88.888.2 196 422 - "none" "none" 80 None 6 +datasource :2020-05-02 02:07:54 76566 172.48.80.133 user86 - - OBSERVED "WhiteList samplewhitelist Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp ntnew.service-now.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 WOW64 Trident/7.0 rv:11.0) like Gecko" 172.88.888.2 49131 6988 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:07:51 240302 172.888.77.192 user34 - - OBSERVED "WhiteList Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp safebrowsing.googleapis.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 3810 2067 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 02:07:46 653 172.92.24.126 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 577312 642 - "none" "none" 80 Ambiguous%20-%20Special%20Use 
2 +datasource :2020-05-02 02:07:44 458906 172.888.139.137 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 25244 161047 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:07:39 168 172.34.9.164 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.92.250.3 9440 / - - "Java/1.8.0_191" 172.88.888.2 3493 1967 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-02 02:07:19 170660 172.888.82.131 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5483 4977 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:07:15 75039 172.51.151.96 user39 - tcp_error DENIED "none" - 503 TCP_ERR_MISS CONNECT - tcp 172.16.0.2 443 / - - - 172.88.888.2 185 83 - "none" "none" 3128 Ambiguous%20-%20Special%20Use none +datasource :2020-05-02 02:07:15 195 172.154.52.21 - - - PROXIED "WhiteList samplewhitelist sample-data-Domains Finance" - 0 - GET - http http-proxy.abcd.com 31415 /accelerated_pac_base.pac - pac "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Postman/6.7.4 Chrome/59.0.3071.115 Electron/1.8.8 Safari/537.36" 172.88.888.2 0 347 - "none" "none" 31415 None 3 +datasource :2020-05-02 02:07:15 100184 172.888.89.112 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6509 1087 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 02:07:07 128839 172.54.55.142 user51 - - OBSERVED "missCategorizedURL WhiteList samplewhitelist Chat (IM)/SMS Office/Business Applications" - 200 TCP_TUNNELED CONNECT - tcp presence.teams.microsoft.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.8663 Chrome/69.0.3497.128 Electron/4.2.12 Safari/537.36" 
172.88.888.2 6656 3436 - "Office 365 Skype for Business" "none" 3128 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 02:07:01 100268 172.888.146.211 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6509 1087 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 02:06:53 60246 172.888.89.55 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp settings-win.data.microsoft.com 443 / - - - 172.88.888.2 4028 801 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 02:06:51 30962 172.48.140.55 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7663 1629 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:06:50 23 172.34.999.249 - - - OBSERVED "WhiteList samplewhitelist sample-data-Domains Finance" - 200 TCP_NC_MISS POST application/json %20charset=utf-8 http my2013.abcd.com 80 /My/sws67/_vti_bin/client.svc/ProcessQuery - - "Mozilla/5.0 (compatible MSIE 172.0 Windows NT 6.2 Trident/6.0 MS FrontPage Sharegate ISV|Sharegate|Desktop/12.2.3.2344|NonInteractive)" 172.88.888.2 1551 2581 - "none" "none" 80 None 3 +datasource :2020-05-02 02:06:44 16046 172.888.25.140 user27 - - OBSERVED "WhiteList samplewhitelist Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp ntnew.service-now.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" 172.88.888.2 182 805 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:06:42 128995 172.198.154.43 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5414 2419 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:06:39 365 172.124.49.120 - - - 
OBSERVED "DoNotSpeedBump WhiteList samplewhitelist Finance" - 200 TCP_TUNNELED CONNECT - tcp www.sampledata.com 443 / - - "Autn-WKOOP" 172.88.888.2 7790 3001 - "none" "none" 443 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:06:38 100253 172.51.30.18 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6509 1087 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 02:06:30 30192 172.888.153.168 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7738 3049 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:06:24 36 172.999.203.203 - - authentication_failed DENIED "Technology/Internet" - 407 TCP_DENIED CONNECT - tcp configuration.apple.com 443 / - - "Safari/13609.1.20.111.8 CFNetwork/902.5 Darwin/17.7.0 (x86_64)" 172.88.888.2 252 342 - "none" "none" 3128 None 1 +datasource :2020-05-02 02:06:05 6 172.999.252.121 - - authentication_failed DENIED "WhiteList samplewhitelist sample-data-Domains Finance" - 407 TCP_DENIED CONNECT - tcp securefile.abcd.com 443 / - - "CAPI_WINDOWS_7.0.0.204" 172.88.888.2 537 196 - "none" "none" 3128 None 3 +datasource :2020-05-02 02:06:05 30805 172.888.130.98 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7939 2193 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:05:53 18136 172.186.20.164 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 20369 113098 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:05:48 2666 172.172.5.133 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.160.154.2 9440 / - - "Java/1.8.0_191" 172.88.888.2 3494 1189 - "none" "none" 80 
Ambiguous%20-%20Special%20Use none +datasource :2020-05-02 02:05:45 331518 172.34.211.156 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 43987 268408 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:05:37 1774 172.999.227.113 - - - PROXIED "WhiteList samplewhitelist sample-data-Domains Finance" - 0 - GET - http http-proxy.abcd.com 31415 /accelerated_pac_base.pac - pac "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" 172.88.888.2 0 259 - "none" "none" 31415 None 3 +datasource :2020-05-02 02:05:32 6544456 172.160.160.21 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 80494 851383 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:05:29 98572 172.91.29.96 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 7257 2406 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:05:07 123970 172.888.90.140 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5158 2391 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:05:00 73944 172.92.2.151 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.92.250.130 9440 / - - "Java/1.8.0_222" 172.88.888.2 4814 1012 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-02 02:05:00 1 172.888.40.8 - - - OBSERVED "Web Infrastructure" - 206 TCP_HIT GET application/octet-stream http download.windowsupdate.com 80 /d/msdownload/update/software/defu/2020/05/am_delta_patch_1.313.2734.0_e38ac8744b0322bae706aa231908f7ca92197b7e.exe - exe "Microsoft BITS/7.5" 172.88.888.2 10547 379 - "Microsoft Update" 
"Update Software" 80 United%20States 1 +datasource :2020-05-02 02:04:57 5 172.172.255.48 - - - OBSERVED "Web Infrastructure" - 200 TCP_NC_MISS HEAD application/vnd.ms-cab-compressed http ds.download.windowsupdate.com 80 /v11/2/microsoftupdate/redir/v6-muredir.cab ?2005020204 cab "Windows-Update-Agent" 172.88.888.2 642 222 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-02 02:04:57 443 172.34.31.235 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 738866 642 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:04:53 33741 172.92.211.231 - - tcp_error DENIED "none" - 503 TCP_ERR_MISS GET - http 169.254.169.254 80 /metadata/instance ?api-version=2017-12-01 - - 172.88.888.2 1519 119 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-02 02:04:52 5 172.888.84.106 - - - OBSERVED "Web Infrastructure" - 200 TCP_NC_MISS HEAD application/vnd.ms-cab-compressed http ds.download.windowsupdate.com 80 /v11/2/microsoftupdate/redir/v6-muredir.cab ?2005020204 cab "Windows-Update-Agent" 172.88.888.2 642 222 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-02 02:04:48 1151258 172.888.174.160 user33 - - OBSERVED "Business/Economy" - 200 TCP_TUNNELED CONNECT - tcp tr.blismedia.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 2199 4317 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-02 02:04:43 30288 172.92.28.94 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7738 1914 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:04:42 60315 172.888.217.89 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp vortex-win.data.microsoft.com 443 / - - - 172.88.888.2 4203 7861 - 
"Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 02:04:40 297 172.888.180.9 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 4769 4481 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:04:33 563 172.34.5.221 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp data.flexnetmanager.com 443 / - - - 172.88.888.2 5540 3738 - "none" "none" 443 Ambiguous%20-%20Special%20Use 3 +datasource :2020-05-02 02:04:22 240289 172.12.162.217 - - - OBSERVED "WhiteList Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp safebrowsing.googleapis.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 4367 2072 - "none" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 02:04:01 66 172.32.162.1 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp ucc-a.wbx2.com 443 / - - - 172.88.888.2 7393 2889 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:03:57 241966 172.999.218.71 user5 - - OBSERVED "WhiteList Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp cm.g.doubleclick.net 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" 172.88.888.2 3527 1816 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:03:46 30540 172.3.150.133 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7663 1627 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:03:34 174 172.91.90.210 - - - OBSERVED "Web Infrastructure" - 200 TCP_TUNNELED CONNECT - tcp sgapi.es.bluecoat.com 443 / - - "Apache-HttpClient/4.5.6 (Java/1.8.0_171)" 172.88.888.2 4681 2944 - "none" "none" 80 Ambiguous%20-%20Special%20Use 
3 +datasource :2020-05-02 02:03:30 2 172.888.66.173 - - - OBSERVED "Web Infrastructure" - 206 TCP_HIT GET application/octet-stream http download.windowsupdate.com 80 /d/msdownload/update/software/defu/2020/05/am_delta_patch_1.313.2734.0_e38ac8744b0322bae706aa231908f7ca92197b7e.exe - exe "Microsoft BITS/7.5" 172.88.888.2 91571 380 - "Microsoft Update" "Update Software" 80 United%20States 1 +datasource :2020-05-02 02:03:27 100209 172.92.5.204 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6509 1021 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 02:03:17 1 172.168.114.68 - - - OBSERVED "Web Infrastructure" - 206 TCP_HIT GET application/octet-stream http download.windowsupdate.com 80 /d/msdownload/update/software/defu/2020/05/am_delta_patch_1.313.2734.0_e38ac8744b0322bae706aa231908f7ca92197b7e.exe - exe "Microsoft BITS/7.5" 172.88.888.2 6190 374 - "Microsoft Update" "Update Software" 80 United%20States 1 +datasource :2020-05-02 02:03:10 6 172.154.20.88 - - - OBSERVED "Office365 Web Infrastructure" - 200 TCP_HIT GET application/pkix-crl http crl.microsoft.com 80 /pki/crl/products/WinPCA.crl - crl "Microsoft-CryptoAPI/6.1" 172.88.888.2 1007 289 - "Office 365 General" "none" 80 Australia 1 +datasource :2020-05-02 02:03:07 128891 172.888.218.183 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5414 2391 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:02:59 1 172.888.127.208 - - TNT_BlockPage DENIED "Web Infrastructure" - 403 TCP_DENIED GET - http ctldl.windowsupdate.com 80 /msdownload/update/v3/static/dataedr/en/disallowedcertstl.cab ?63810c12f99304ee cab "Microsoft-CryptoAPI/6.1" 172.88.888.2 2797 237 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-02 02:02:53 359 172.888.186.239 user1 - - OBSERVED 
"Finance" http://207.45.34.1/rdpReorg/entry 304 TCP_MISS GET image/gif http 207.45.34.1 80 /rdpReorg/common/images/funcsubmit.gif - gif "Mozilla/5.0 (Windows NT 6.1 WOW64 Trident/7.0 rv:11.0) like Gecko" 172.88.888.2 516 1144 - "none" "none" 3128 None 3 +datasource :2020-05-02 02:02:46 1764 172.92.41.146 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.92.250.4 9440 / - - "Java/1.8.0_191" 172.88.888.2 3492 10568 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-02 02:02:41 1 172.168.81.172 - - - OBSERVED "Web Infrastructure" - 200 TCP_HIT GET application/vnd.ms-cab-compressed http download.windowsupdate.com 80 /d/msdownload/update/others/2020/05/31668421_bca444be2d06fa02bdb80b9df77f254f50b06a65.cab - cab "Windows-Update-Agent" 172.88.888.2 7545 250 - "Microsoft Update" "Update Software" 80 United%20States 1 +datasource :2020-05-02 02:02:40 125 172.34.29.253 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 24438 743 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:02:22 1058 172.172.11.179 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.160.154.2 9440 / - - "Java/1.8.0_191" 172.88.888.2 3979 972 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-02 02:02:11 100375 172.12.48.127 - - - OBSERVED "Content Delivery Networks" - 200 TCP_TUNNELED CONNECT - tcp scadvisorcontent.blob.core.windows.net 443 / - - - 172.88.888.2 7121 1535 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:02:03 222595 172.51.130.10 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 11919 68605 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:01:55 879627 172.12.170.24 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp 
xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 64894 536807 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:01:52 1 172.888.254.235 - - TNT_BlockPage DENIED "Web Infrastructure" - 403 TCP_DENIED GET - http ctldl.windowsupdate.com 80 /msdownload/update/v3/static/dataedr/en/disallowedcertstl.cab ?622beef260470061 cab "Microsoft-CryptoAPI/6.1" 172.88.888.2 2797 237 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-02 02:01:52 5 172.168.114.188 - - - OBSERVED "Web Infrastructure" - 200 TCP_NC_MISS HEAD application/octet-stream http download.windowsupdate.com 80 /d/msdownload/update/software/defu/2020/05/am_delta_patch_1.313.2734.0_e38ac8744b0322bae706aa231908f7ca92197b7e.exe - exe "Windows-Update-Agent" 172.88.888.2 443 277 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-02 02:01:42 5 172.888.181.17 - - - OBSERVED "Web Infrastructure" - 200 TCP_NC_MISS HEAD application/vnd.ms-cab-compressed http ds.download.windowsupdate.com 80 /v11/2/microsoftupdate/redir/v6-muredir.cab ?2005020201 cab "Windows-Update-Agent" 172.88.888.2 642 222 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-02 02:01:28 120448 172.92.222.209 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 7257 2392 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:01:23 1485 172.166.188.119 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp v10c.events.data.microsoft.com 443 / - - - 172.88.888.2 4478 2169 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 02:01:17 461 172.999.237.79 user16 - - OBSERVED "Business/Economy" - 200 TCP_TUNNELED CONNECT - tcp d.la1-c2-phx.salesforceliveagent.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" 
172.88.888.2 3991 1699 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-02 02:01:13 642 172.32.242.72 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp subscription.rhsm.redhat.com 443 / - - "RHSM/1.0 (cmd=goferd)" 172.88.888.2 16345 2531 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:01:08 294 172.999.193.116 user46 - - OBSERVED "Business/Economy" - 200 TCP_TUNNELED CONNECT - tcp d.la2-c2-ph2.salesforceliveagent.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 622 1681 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-02 02:01:02 109633 172.80.50.132 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5414 2375 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:01:02 110330 172.92.999.250 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 7001 2400 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:01:00 4 172.172.74.14 - - - OBSERVED "Web Infrastructure" - 200 TCP_NC_MISS HEAD application/octet-stream http download.windowsupdate.com 80 /d/msdownload/update/software/defu/2020/05/am_delta_patch_1.313.2734.0_e38ac8744b0322bae706aa231908f7ca92197b7e.exe - exe "Windows-Update-Agent" 172.88.888.2 443 277 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-02 02:00:58 1 172.999.235.242 - - - PROXIED "WhiteList samplewhitelist sample-data-Domains Finance" - 0 - GET - http http-proxy.abcd.com 31415 /accelerated_pac_base.pac - pac "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 0 259 - "none" "none" 31415 None 3 +datasource :2020-05-02 02:00:56 596 
172.999.227.162 user2 - - OBSERVED "Finance" - 200 TCP_TUNNELED CONNECT - tcp my.apps.factset.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Workstation/2016.18.067.054 Safari/537.36" 172.88.888.2 10423 5368 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:00:52 2 172.999.203.203 - - authentication_failed DENIED "WhiteList Technology/Internet" - 407 TCP_DENIED GET - http clientservices.googleapis.com 80 /chrome-variations/seed ?osname=mac&channel=stable&milestone=81 - "Mozilla/5.0 (Macintosh Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.113 Safari/537.36" 172.88.888.2 2100 668 - "none" "none" 3128 None 1 +datasource :2020-05-02 02:00:47 50 172.34.250.120 - - - OBSERVED "Technology/Internet" - 200 TCP_NC_MISS GET text/plain %20charset=utf-8 http s.3gl.net 80 /hawkscheduleserver/sn.ashx ?a=s&t=939971&mg=0&w=202005020200&i=0&n=1&e=0&g= ashx "Mozilla/4.0 (compatible Catchpoint)" 172.88.888.2 165 431 - "none" "none" 80 None 6 +datasource :2020-05-02 02:00:33 33213 172.197.2.102 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7738 2217 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:00:31 30961 172.888.176.201 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7738 2152 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:00:30 30522 172.48.121.888 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7738 2197 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:00:30 30364 172.888.55.221 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7939 3644 
- "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:00:13 89283 172.88.144.184 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 4678 5244 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:00:08 1 172.92.30.119 - - authentication_failed DENIED "Office365 Web Infrastructure" - 407 TCP_DENIED GET - http ocsp.digicert.com 80 /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAeOoHCrvCcjJqbnbMvQCfc%3D - - "Microsoft-CryptoAPI/6.1" 172.88.888.2 1839 263 - "none" "none" 80 None 1 +datasource :2020-05-02 02:00:07 3558 172.888.193.7 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 14194 72451 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 02:00:04 5 172.999.214.215 - - authentication_failed DENIED "WhiteList samplewhitelist sample-data-Domains Finance" - 407 TCP_DENIED CONNECT - tcp securefile.abcd.com 443 / - - "CAPI_WINDOWS_7.0.0.204" 172.88.888.2 537 196 - "none" "none" 3128 None 3 +datasource :2020-05-02 01:42:26 2 172.999.196.226 - - authentication_failed DENIED "missCategorizedURL WhiteList samplewhitelist Web Infrastructure" - 407 TCP_DENIED CONNECT - tcp c.urs.microsoft.com 443 / - - "Mozilla/5.0 (Windows NT 172.0 Win64 x64 Trident/7.0 Touch rv:11.0) like Gecko" 172.88.888.2 331 237 - "Office 365 General" "none" 3128 None 1 +datasource :2020-05-02 01:42:25 120 172.34.30.189 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 14182 642 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:42:22 1 172.80.60.54 - - - OBSERVED "Office365 Web Infrastructure" - 200 TCP_HIT GET application/pkix-crl http crl.microsoft.com 80 /pki/crl/products/tspca.crl - crl 
"Microsoft-CryptoAPI/6.1" 172.88.888.2 999 288 - "Office 365 General" "none" 80 United%20States 1 +datasource :2020-05-02 01:42:18 265 172.34.25.107 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 260817 642 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:42:14 100199 172.888.200.163 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6509 1087 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 01:42:05 60601 172.888.47.87 - - tcp_error DENIED "none" - 503 TCP_ERR_MISS GET - http 169.254.169.254 80 /metadata/instance ?api-version=2017-12-01 - - 172.88.888.2 1519 119 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-02 01:42:02 69663 172.51.80.92 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5158 2375 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:42:01 119991 172.51.100.133 user1 - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp c.go-mpulse.net 443 / - - "Mozilla/5.0 (Windows NT 6.1 WOW64 Trident/7.0 rv:11.0) like Gecko" 172.88.888.2 4508 1191 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-02 01:41:45 31004 172.888.70.80 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7738 2908 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:41:40 876 172.92.46.154 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.92.250.130 9440 / - - "Java/1.8.0_222" 172.88.888.2 5219 1461 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-02 01:41:36 4 172.68.172.159 - - - OBSERVED "Web Infrastructure" - 200 TCP_NC_MISS HEAD 
application/vnd.ms-cab-compressed http ds.download.windowsupdate.com 80 /v11/2/microsoftupdate/redir/v6-muredir.cab ?2005020141 cab "Windows-Update-Agent" 172.88.888.2 642 222 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-02 01:41:31 158 172.34.24.32 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 11504 669 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:41:28 12333 172.48.22.84 user99 - - OBSERVED "samplewhitelist News" - 200 TCP_TUNNELED CONNECT - tcp bea4.cnn.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" 172.88.888.2 10922 66910 - "CNN" "none" 3128 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 01:41:24 180275 172.38.0.55 - - - OBSERVED "Brokerage/Trading Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp telemetry.tradingview.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" 172.88.888.2 1411 1684 - "none" "none" 80 Ambiguous%20-%20Special%20Use 3 +datasource :2020-05-02 01:41:24 524 172.172.186.93 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 12784 714 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:41:22 5 172.51.192.195 - - - OBSERVED "Web Infrastructure" - 200 TCP_NC_MISS HEAD application/vnd.ms-cab-compressed http ds.download.windowsupdate.com 80 /v11/2/microsoftupdate/redir/v6-muredir.cab ?2005020141 cab "Windows-Update-Agent" 172.88.888.2 642 222 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-02 01:41:20 265 172.92.31.83 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 265329 642 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 
+datasource :2020-05-02 01:41:17 408 172.92.25.74 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 537062 642 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:41:11 323 172.34.26.143 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 302843 642 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:41:07 100610 172.888.88.218 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-cus.microsoft.com 443 / - - - 172.88.888.2 9554 996 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 01:41:04 1 172.888.11.160 - - - OBSERVED "Office365 Web Infrastructure" - 200 TCP_HIT GET application/pkix-crl http crl.microsoft.com 80 /pki/crl/products/MicWinHarComPCA_2010-11-01.crl - crl "Microsoft-CryptoAPI/6.1" 172.88.888.2 1066 308 - "Office 365 General" "none" 80 United%20States 1 +datasource :2020-05-02 01:41:02 261 172.90.14.2 - - - OBSERVED "Finance" - 200 TCP_TUNNELED CONNECT - tcp builder-pod1.fiservapps.com 443 / - - "Java/1.7.0_80" 172.88.888.2 7086 6921 - "none" "none" 443 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-02 01:41:02 17601 172.124.49.71 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 24812 148848 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:40:56 127750 172.888.76.203 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5158 2391 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:40:52 3066 172.70.18.88 user88 - - OBSERVED "WhiteList samplewhitelist Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp ntnew.service-now.com 443 / - - 
"Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 12053 2233 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:40:46 60330 172.888.64.58 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp settings-win.data.microsoft.com 443 / - - - 172.88.888.2 4028 801 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 01:40:40 240 172.999.208.127 user2 - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp use-tor.adsrvr.org 443 / - - "Mozilla/5.0 (Windows NT 172.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 8034 4728 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 3 +datasource :2020-05-02 01:40:38 187 172.34.29.122 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 74517 642 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:40:36 502 172.92.29.106 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 708120 679 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:40:33 100392 172.888.146.234 - - - OBSERVED "Content Delivery Networks" - 200 TCP_TUNNELED CONNECT - tcp scadvisorcontent.blob.core.windows.net 443 / - - - 172.88.888.2 7121 1505 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:40:31 29993 172.12.162.222 - - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp web.hb.ad.cpe.dotomi.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 884 2055 - "none" "none" 80 Ambiguous%20-%20Special%20Use 3 +datasource :2020-05-02 01:40:30 125747 172.888.181.231 - - - OBSERVED "Technology/Internet" - 200 
TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5414 2391 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:40:22 31023 172.888.60.90 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7738 2682 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:40:17 100354 172.888.70.28 - - - OBSERVED "Content Delivery Networks" - 200 TCP_TUNNELED CONNECT - tcp scadvisorcontent.blob.core.windows.net 443 / - - - 172.88.888.2 7121 1505 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:40:17 75004 172.92.250.3 - - - OBSERVED "Business/Economy" - 200 TCP_TUNNELED CONNECT - tcp insights.nutanix.com 443 / - - - 172.88.888.2 4070 2588 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:40:16 118187 172.3.142.29 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 4678 3916 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:40:11 120 172.34.29.44 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 17574 706 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:40:08 248 172.92.29.122 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 183096 642 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:40:04 8 172.168.201.215 - - - OBSERVED "Web Infrastructure" - 304 TCP_MISS GET application/vnd.ms-cab-compressed http ctldl.windowsupdate.com 80 /msdownload/update/v3/static/dataedr/en/authrootstl.cab ?28e27dca29445176 cab "Microsoft-CryptoAPI/6.1" 172.88.888.2 430 316 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-02 01:40:03 
784531 172.34.213.121 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 17987 104664 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:40:03 266010 172.92.41.85 - - - OBSERVED "Business/Economy" - 200 TCP_TUNNELED CONNECT - tcp insights.nutanix.com 443 / - - "Go-http-client/1.1" 172.88.888.2 1615 18350 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 01:40:00 276 172.92.243.53 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp gdmdc.good.com 443 / - - "Apache-HttpClient/4.5.2 (Java/1.8.0_181)" 172.88.888.2 3373 1040 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:07:43 58 172.999.233.212 user28 - - OBSERVED "Technology/Internet" - 200 TCP_NC_MISS GET text/html charset=ISO-8859-1 http updates.installshield.com 80 /Ping.asp - asp "ISUA 12.01" 172.88.888.2 253 215 - "none" "none" 3128 None 2 +datasource :2020-05-02 00:07:41 194 172.999.193.48 - - authentication_failed DENIED "Web Ads/Analytics" - 407 TCP_DENIED CONNECT - tcp bidder.criteo.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 537 318 - "none" "none" 3128 None 2 +datasource :2020-05-02 00:07:29 7 172.92.27.148 user102$ - - OBSERVED "Web Infrastructure" - 304 TCP_MISS GET application/vnd.ms-cab-compressed http ctldl.windowsupdate.com 80 /msdownload/update/v3/static/dataedr/en/disallowedcertstl.cab ?0332103221e67818 cab "Microsoft-CryptoAPI/6.1" 172.88.888.2 429 322 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-02 00:07:18 14 172.168.64.166 - - - OBSERVED "Web Infrastructure" - 304 TCP_MISS GET application/vnd.ms-cab-compressed http ctldl.windowsupdate.com 80 /msdownload/update/v3/static/dataedr/en/disallowedcertstl.cab ?050c6d18c46005dc cab "Microsoft-CryptoAPI/6.1" 172.88.888.2 429 322 - "Microsoft 
Update" "Update Software" 80 None 1 +datasource :2020-05-02 00:07:18 100090 172.36.8.11 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-cus.microsoft.com 443 / - - - 172.88.888.2 8735 602 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 00:07:09 92963 172.888.214.221 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 4678 5900 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:07:09 109426 172.34.5.204 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 4678 5576 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:07:08 233 172.149.108.127 - - - OBSERVED "Web Infrastructure" - 304 TCP_MISS GET application/vnd.ms-cab-compressed http ctldl.windowsupdate.com 80 /msdownload/update/v3/static/dataedr/en/authrootstl.cab ?89272a869794a1ca cab "Microsoft-CryptoAPI/6.1" 172.88.888.2 436 359 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-02 00:06:48 19677 172.92.41.183 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.92.250.129 9440 / - - "Java/1.8.0_222" 172.88.888.2 4919 1008 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-02 00:06:41 2337226 172.92.64.116 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 54387 563230 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:06:36 131355 172.888.206.61 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6802 1588 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 00:06:34 71803 172.68.4.170 - - - OBSERVED "Technology/Internet" - 200 
TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5414 2375 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:06:19 100394 172.888.18.74 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6509 1087 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 00:06:11 121 172.12.223.9 - - - OBSERVED "Business/Economy" - 200 TCP_TUNNELED CONNECT - tcp abcd.my.salesforce.com 443 / - - "Java/1.7.0_131" 172.88.888.2 1229 1500 - "none" "none" 443 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:06:10 68 172.198.53.35 - - - OBSERVED "Web Infrastructure" - 206 TCP_HIT GET application/octet-stream http au.download.windowsupdate.com 80 /d/msdownload/update/software/defu/2020/05/am_delta_bec534df419841f31ac8fdac7763ec4a6a8b6c4c.exe - exe "Microsoft BITS/7.8" 172.88.888.2 339619 411 - "Microsoft Update" "Update Software" 80 United%20States 1 +datasource :2020-05-02 00:06:09 10 172.154.84.153 - - - OBSERVED "Web Infrastructure" - 304 TCP_MISS GET application/vnd.ms-cab-compressed http ctldl.windowsupdate.com 80 /msdownload/update/v3/static/dataedr/en/authrootstl.cab ?2dd9915973bb5c06 cab "Microsoft-CryptoAPI/6.1" 172.88.888.2 379 316 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-02 00:06:03 1898497 172.92.243.53 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp gdrelay.good.com 443 / - - - 172.88.888.2 9688 12417 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:05:57 124 172.12.223.9 - - - OBSERVED "Business/Economy" - 200 TCP_TUNNELED CONNECT - tcp abcd.my.salesforce.com 443 / - - "Java/1.7.0_131" 172.88.888.2 1229 1500 - "none" "none" 443 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:05:52 8977 172.888.206.243 user66 - - OBSERVED "WhiteList samplewhitelist Technology/Internet" - 200 TCP_TUNNELED 
CONNECT - tcp ntnew.service-now.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 15660 4857 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:05:50 323 172.999.193.106 user11 - - OBSERVED "WhiteList Search Engines/Portals" - 200 TCP_TUNNELED CONNECT - tcp adservice.google.com 443 / - - "Mozilla/5.0 (Windows NT 172.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" 172.88.888.2 831 890 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 00:05:47 60106 172.124.49.120 - - - OBSERVED "WhiteList samplewhitelist Education Content Delivery Networks" - 200 TCP_TUNNELED CONNECT - tcp map.brightcove.com 443 / - - "Autn-WKOOP" 172.88.888.2 7284 924 - "none" "none" 443 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:05:42 403 172.34.242.174 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp gdmdc.good.com 443 / - - "Apache-HttpClient/4.5.2 (Java/1.8.0_181)" 172.88.888.2 3384 908 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:05:40 81311 172.197.137.4 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 15819 111023 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:05:32 2458 172.34.41.159 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.34.250.192 9440 / - - "Java/1.8.0_222" 172.88.888.2 4919 1039 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-02 00:05:31 32377 172.197.2.117 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7738 2694 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:05:23 4220 172.92.41.183 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.92.250.129 
9440 / - - "Java/1.8.0_222" 172.88.888.2 4723 1277 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-02 00:05:22 240445 172.999.201.25 user84 - - OBSERVED "WhiteList Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp safebrowsing.googleapis.com 443 / - - "Mozilla/5.0 (Windows NT 172.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" 172.88.888.2 1472 1909 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 00:05:20 2 172.48.80.111 - - authentication_failed DENIED "missCategorizedURL Technology/Internet" - 407 TCP_DENIED CONNECT - tcp b.slack-edge.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Slack/4.4.2 Chrome/78.0.3904.130 Electron/7.2.1 Safari/537.36 Sonic Slack_SSB/4.4.2" 172.88.888.2 331 276 - "none" "none" 3128 None 2 +datasource :2020-05-02 00:05:11 327 172.34.214.217 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp 2d45d03a-2883-4b06-b8f3-173925dab1de.ods.opinsights.azure.com 443 / - - - 172.88.888.2 6857 5174 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:05:07 31108 172.51.22.51 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7663 1628 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:05:06 465 172.194.44.60 - - - OBSERVED "Web Infrastructure" - 304 TCP_MISS GET application/vnd.ms-cab-compressed http ctldl.windowsupdate.com 80 /msdownload/update/v3/static/dataedr/en/disallowedcertstl.cab ?811f6bfdaad1674f cab "Microsoft-CryptoAPI/6.1" 172.88.888.2 372 363 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-02 00:05:05 125551 172.999.206.41 user97 - - OBSERVED "Office365 Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp mobile.pipe.aria.microsoft.com 443 / - - "AriaSDK Client" 172.88.888.2 6562 2945 - "Office 365 General" "none" 3128 
Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 00:05:00 66900 172.12.176.47 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 4721 2814 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:04:52 285 172.999.197.173 user40 Proxy%20Allow%20Personal%20Storage - OBSERVED "missCategorizedURL WhiteList samplewhitelist Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp smartscreen-prod.microsoft.com 443 / - - - 172.88.888.2 7659 3205 - "Office 365 General" "none" 3128 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 00:04:39 1999 172.999.213.152 user34 - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cme-linuscmewsydwsyd-093-wsyd-public.wbx2.com 443 / - - "webex utiltp" 172.88.888.2 4448 1245 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:04:31 73552 172.888.59.43 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5483 4113 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:04:24 30437 172.51.191.196 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7663 1665 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:04:19 240311 172.51.121.75 user48 Proxy%20Allow%20Personal%20Storage - OBSERVED "WhiteList Shopping Software Downloads" - 200 TCP_TUNNELED CONNECT - tcp play.google.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 2049 2060 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:04:15 64 172.32.162.1 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp hybrid-logging-a.wbx2.com 443 / - - - 172.88.888.2 5874 4576 - "none" "none" 80 
Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:04:12 240412 172.999.235.4 user34 - - OBSERVED "WhiteList Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp clients4.google.com 443 / - - "Mozilla/5.0 (Windows NT 172.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 1199 1945 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 00:04:09 240307 172.999.245.127 user26 - - OBSERVED "WhiteList Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp safebrowsing.googleapis.com 443 / - - "Mozilla/5.0 (Windows NT 172.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 4557 2072 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 00:03:56 100339 172.888.64.116 - - - OBSERVED "Content Delivery Networks" - 200 TCP_TUNNELED CONNECT - tcp scadvisorcontent.blob.core.windows.net 443 / - - - 172.88.888.2 7121 1503 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:03:55 3389 172.999.236.80 user12 - - OBSERVED "Business/Economy" - 200 TCP_TUNNELED CONNECT - tcp trk-sp.sele.co 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 6094 5503 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-02 00:03:53 9 172.888.254.77 - - TNT_BlockPage DENIED "missCategorizedURL WhiteList samplewhitelist Web Infrastructure" - 403 TCP_DENIED POST - http statsfe2.update.microsoft.com 80 /ReportingWebService/ReportingWebService.asmx - asmx "Windows-Update-Agent" 172.88.888.2 2769 49925 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-02 00:03:36 22041 172.12.204.93 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 5094 6347 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 
00:03:33 44 172.999.228.253 user5 - - OBSERVED "Shopping" - 302 TCP_NC_MISS GET - http mi.1800flowers.com 80 /p/rp/165763ded243c356.png ?mi_u=45210625&utm_source=exacttarget&utm_medium=email&utm_campaign=Dynamic_Transactional_Update_20190729&utm_content=mcbtran_hd&utm_term=promo&j=957089&l=15&e=sla5@abcd.com&jb=258350&mid=6368699 png "Mozilla/4.0 (compatible ms-office MSOffice 16)" 172.88.888.2 708 426 - "none" "none" 3128 None 2 +datasource :2020-05-02 00:03:25 391 172.34.27.122 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 416142 679 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:03:23 1165 172.70.20.159 user16 - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp udc-neb.kampyle.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 4391 3847 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 3 +datasource :2020-05-02 00:03:22 4721 172.70.0.18 user80 - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp tps10217.doubleverify.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 7233 1706 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-02 00:03:18 125027 172.888.153.7 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5158 2391 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:03:12 649 172.999.253.143 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp us-v20.events.data.microsoft.com 443 / - - - 172.88.888.2 4835 25806 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 00:03:11 32599 172.198.148.3 - - - OBSERVED "doNotAuth Technology/Internet" - 200 
TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7738 2216 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:03:05 358 172.999.207.187 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6405 2188 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 00:02:57 125812 172.172.66.202 - - - OBSERVED "missCategorizedURL WhiteList samplewhitelist Web Infrastructure" - 200 TCP_TUNNELED CONNECT - tcp fe2.update.microsoft.com 443 / - - - 172.88.888.2 15490 21917 - "Microsoft Update" "Update Software" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 00:02:55 423 172.197.137.5 - - - PROXIED "WhiteList samplewhitelist sample-data-Domains Finance" - 0 - GET - http http-proxy.abcd.com 31415 /accelerated_pac_base.pac - pac - 172.88.888.2 0 112 - "none" "none" 31415 None 3 +datasource :2020-05-02 00:02:50 124133 172.8.242.8 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5158 2417 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:02:49 356 172.34.28.170 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 474434 642 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:02:42 265 172.34.28.170 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 258433 642 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:02:41 81688 172.888.82.197 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5158 2391 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:02:38 1361 172.999.226.209 
user6 - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp compass-events.deliverimp.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 436 2182 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-02 00:02:26 144357 172.999.195.11 user10 - - OBSERVED "Business/Economy" - 200 TCP_TUNNELED CONNECT - tcp cognizant--c.na130.content.force.com 443 / - - "Mozilla/5.0 (Windows NT 172.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 14971 6473 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-02 00:02:24 1439323 172.22.16.226 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 27178 149702 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:02:23 5 172.154.100.28 - - - OBSERVED "missCategorizedURL WhiteList samplewhitelist Technology/Internet" - 200 TCP_NC_MISS HEAD application/octet-stream http dl.delivery.mp.microsoft.com 80 /filestreamingservice/files/c120d9fe-fb46-4dc3-ac29-e266027139a9 - - "Microsoft BITS/7.8" 172.88.888.2 356 255 - "Office 365 General" "none" 80 None 1 +datasource :2020-05-02 00:02:20 50 172.154.68.57 - - - OBSERVED "Web Infrastructure" - 304 TCP_MISS GET application/vnd.ms-cab-compressed http ctldl.windowsupdate.com 80 /msdownload/update/v3/static/dataedr/en/authrootstl.cab ?5d8c6264cf2d5789 cab "Microsoft-CryptoAPI/6.1" 172.88.888.2 384 316 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-02 00:02:14 138 172.34.28.170 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 11366 679 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:02:13 6 172.999.235.220 - - authentication_failed DENIED "WhiteList Search 
Engines/Portals" - 407 TCP_DENIED CONNECT - tcp www.google.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 331 223 - "none" "none" 3128 None 1 +datasource :2020-05-02 00:01:57 407 172.12.172.101 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp gdmdc.good.com 443 / - - "Apache-HttpClient/4.5.2 (Java/1.8.0_181)" 172.88.888.2 3373 1419 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:01:56 1734 172.70.20.159 user16 - - OBSERVED "Business/Economy Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp cm.everesttech.net 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 4148 2316 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-02 00:01:43 100370 172.49.60.5 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6509 1087 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 00:01:41 308 172.999.248.89 user39 - - OBSERVED "Government/Legal" - 200 TCP_TUNNELED CONNECT - tcp cdn.cookielaw.org 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 6529 2041 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:01:35 136 172.34.27.122 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 11504 669 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:01:34 10252 172.92.46.154 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.92.250.130 9440 / - - "Java/1.8.0_222" 172.88.888.2 4479 20998 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-02 00:01:26 65932 172.999.227.95 user2 - 
- OBSERVED "Office365 Internet Telephony Chat (IM)/SMS" - 200 TCP_TUNNELED CONNECT - tcp config.edge.skype.com 443 / - - - 172.88.888.2 7651 1064 - "Office 365 Skype for Business" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:01:23 4272 172.999.232.243 user2 proxy-allow-social-media - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp web.hb.ad.cpe.dotomi.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 3686 2131 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 3 +datasource :2020-05-02 00:01:22 89157 172.188.37.153 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5158 2416 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:01:03 105181 172.888.19.173 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5414 2391 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:00:53 1712 172.999.193.106 user11 - - OBSERVED "WhiteList Search Engines/Portals" - 200 TCP_TUNNELED CONNECT - tcp www.google.com 443 / - - "Mozilla/5.0 (Windows NT 172.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" 172.88.888.2 1716 1976 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 00:00:52 2155 172.888.146.32 user5 - - OBSERVED "WhiteList samplewhitelist Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp ntnew.service-now.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" 172.88.888.2 18609 2692 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:00:40 11283 172.999.197.50 user4 Socialite-Actiance%20Monitoring - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - 
tcp vpaid.doubleverify.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 7790 892 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-02 00:00:37 15830 172.92.14.159 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.92.250.3 9440 / - - "Java/1.8.0_191" 172.88.888.2 3558 1353167 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-02 00:00:34 34050 172.149.32.171 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7738 2666 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:00:30 125328 172.34.211.107 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 7326 4250 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:00:27 124866 172.888.46.63 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5414 2391 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:00:27 123961 172.888.58.218 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5158 2391 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:00:24 60237 172.888.180.143 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp vortex-win.data.microsoft.com 443 / - - - 172.88.888.2 4203 4624 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-02 00:00:24 6 172.999.236.181 - - - OBSERVED "Web Infrastructure" - 304 TCP_HIT GET application/pkix-crl http crl.pki.goog 80 /GTS1O1.crl - crl "Microsoft-CryptoAPI/6.1" 172.88.888.2 403 228 - "none" "none" 80 United%20States 2 +datasource 
:2020-05-02 00:00:19 13 172.70.65.54 - - authentication_failed DENIED "missCategorizedURL Technology/Internet" - 407 TCP_DENIED CONNECT - tcp a.slack-edge.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Slack/4.5.0 Chrome/80.0.3987.163 Electron/8.2.2 Safari/537.36 Sonic Slack_SSB/4.5.0" 172.88.888.2 331 276 - "none" "none" 3128 None 2 +datasource :2020-05-02 00:00:13 36 172.999.237.93 - - authentication_failed DENIED "WhiteList Technology/Internet" - 407 TCP_DENIED CONNECT - tcp accounts.google.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 331 233 - "Google Search" "none" 3128 None 1 +datasource :2020-05-02 00:00:09 121 172.92.24.208 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 17430 679 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-02 00:00:04 46018 172.48.22.84 user99 - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp px.moatads.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" 172.88.888.2 1489 6956 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:59:54 59325 172.124.49.120 - - - OBSERVED "Content Delivery Networks" - 200 TCP_TUNNELED CONNECT - tcp optanon.blob.core.windows.net 443 / - - "Autn-WKOOP" 172.88.888.2 30018 975 - "none" "none" 443 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:59:49 47392 172.34.242.153 - - - OBSERVED "WhiteList samplewhitelist Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp ntnew.service-now.com 443 / - - "Jakarta Commons-HttpClient/3.1" 172.88.888.2 14329 3684 - "none" "none" 443 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:59:49 153 172.888.999.247 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp 
winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6405 2190 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 23:59:42 378 172.888.82.31 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp eus2-jobruntimedata-prod-su1.azure-automation.net 443 / - - "SignalR.Client.NetStandard/2.4.0.0 (Microsoft Windows NT 6.2.9200.0)" 172.88.888.2 14786 2722 - "none" "none" 80 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-01 23:59:41 128067 172.888.180.191 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5414 2391 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:59:40 4828 172.999.233.179 user38 - - OBSERVED "Office365 Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp support.content.office.net 443 / - - "Mozilla/5.0 (Windows NT 172.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.88863" 172.88.888.2 17501 1279 - "Office 365 General" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:59:28 3714 172.92.250.98 - - - OBSERVED "Technology/Internet" - 200 TCP_NC_MISS GET text/plain %20charset=utf-8 http s.3gl.net 80 /hawkscheduleserver/snfeed.ashx ?t=cz&d=20200501212120417 ashx "Mozilla/4.0 (compatible Catchpoint)" 172.88.888.2 174 376 - "none" "none" 80 None 6 +datasource :2020-05-01 23:59:23 1 172.12.127.32 - - TNT_BlockPage DENIED "Technology/Internet" - 403 TCP_DENIED CONNECT - tcp login.live.com 443 / - - - 172.88.888.2 185 65 - "none" "none" 80 None 1 +datasource :2020-05-01 23:59:02 118131 172.888.84.119 - - - OBSERVED "Content Delivery Networks" - 200 TCP_TUNNELED CONNECT - tcp scadvisorcontent.blob.core.windows.net 443 / - - - 172.88.888.2 24391 1062 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:59:00 29941 172.34.41.159 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.34.250.192 9440 
/ - - "Java/1.8.0_222" 172.88.888.2 7756 1686 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-01 23:58:59 114695 172.68.4.169 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5483 4081 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:58:51 106628 172.51.192.138 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5414 2375 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:58:46 154583 172.888.66.164 - - - OBSERVED "Content Delivery Networks" - 200 TCP_TUNNELED CONNECT - tcp scadvisorcontent.blob.core.windows.net 443 / - - - 172.88.888.2 23751 1030 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:58:45 122262 172.12.169.173 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5739 5773 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:58:38 3601 172.999.226.209 user6 - - OBSERVED "WhiteList Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp pagead2.googlesyndication.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 1612 2030 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:58:31 82057 172.197.141.171 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5414 2417 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:58:30 194 172.999.199.132 - - authentication_failed DENIED "WhiteList Search Engines/Portals" - 407 TCP_DENIED CONNECT - tcp www.google.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 537 312 - "none" "none" 3128 None 1 +datasource :2020-05-01 23:58:27 120014 172.188.21.133 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 39 200 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:58:27 1444 172.999.225.219 user50 - - OBSERVED "allowExternalStorage Office365 File Storage/Sharing Office/Business Applications" - 200 TCP_TUNNELED CONNECT - tcp abcd.sharepoint.com 443 / - - - 172.88.888.2 8150 3268 - "Office 365 SharePoint" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:58:26 60092 172.92.2.161 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.92.250.130 9440 / - - "Java/1.8.0_222" 172.88.888.2 4919 1008 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-01 23:58:24 290 172.999.197.12 user13 - - OBSERVED "allowExternalStorage Office365 File Storage/Sharing Office/Business Applications" - 200 TCP_TUNNELED CONNECT - tcp abcd-my.sharepoint.com 443 / - - - 172.88.888.2 7475 2184 - "Office 365 SharePoint" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:58:18 66113 172.92.999.249 - - tcp_error DENIED "none" - 503 TCP_ERR_MISS GET - http 169.254.169.254 80 /metadata/instance ?api-version=2017-12-01 - - 172.88.888.2 1519 119 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-01 23:58:09 100008 172.188.1.57 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 39 158 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 23:58:09 100276 172.888.217.100 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6509 1087 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 
23:57:57 3835 172.999.195.216 user1 - - OBSERVED "Content Delivery Networks" - 200 TCP_TUNNELED CONNECT - tcp webql-redesign.cnbcfm.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 1033 1707 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:57:55 135 172.34.27.139 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 11504 669 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:57:53 30280 172.48.140.159 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7750 1713 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:57:50 445 172.92.250.95 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp img.catchpoint.com 443 / - - "Mozilla/4.0 (compatible Catchpoint)" 172.88.888.2 3551 4470 - "none" "none" 80 Ambiguous%20-%20Special%20Use 3 +datasource :2020-05-01 23:57:48 126948 172.888.35.54 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5158 2391 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:57:34 122403 172.888.205.235 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5158 2391 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:57:25 2 172.70.64.38 - - authentication_failed DENIED "WhiteList Technology/Internet" - 407 TCP_DENIED CONNECT - tcp safebrowsing.googleapis.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 331 249 - "none" "none" 3128 None 1 +datasource :2020-05-01 23:57:25 129 172.34.27.139 - - 
- OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 11504 669 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:57:24 615557 172.888.46.192 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 29469 228953 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:57:15 60238 172.888.82.146 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp vortex-win.data.microsoft.com 443 / - - - 172.88.888.2 4203 4496 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 23:57:01 161 172.70.172.20 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp mgmt.amp.cisco.com 443 / - - "ImmunetProtect/6.1.7.10741" 172.88.888.2 11287 1845 - "none" "none" 443 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:56:59 100337 172.91.29.62 - - - OBSERVED "Content Delivery Networks" - 200 TCP_TUNNELED CONNECT - tcp scadvisorcontent.blob.core.windows.net 443 / - - - 172.88.888.2 6857 1270 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:56:55 7 172.888.42.248 - - - OBSERVED "Web Infrastructure" - 304 TCP_MISS GET application/vnd.ms-cab-compressed http ctldl.windowsupdate.com 80 /msdownload/update/v3/static/dataedr/en/disallowedcertstl.cab ?782283b0ff20e557 cab "Microsoft-CryptoAPI/6.1" 172.88.888.2 376 322 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-01 23:56:53 3 172.888.0.246 - - - PROXIED "WhiteList samplewhitelist sample-data-Domains Finance" - 0 - GET - http http-proxy.abcd.com 31415 /accelerated_pac_base.pac - pac "Mozilla/5.0 (Windows NT 172.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36" 172.88.888.2 0 293 - "none" "none" 31415 None 3 +datasource :2020-05-01 23:56:38 1997 172.999.213.115 user1 - 
- OBSERVED "Business/Economy" - 200 TCP_TUNNELED CONNECT - tcp na2.docusign.net 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 186 795 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:56:35 274 172.93.64.30 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp data.mgmt.cloud.vmware.com 443 / - - "curl/7.59.0" 172.88.888.2 5562 951 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:56:30 7 172.999.216.214 - - authentication_failed DENIED "Business/Economy" - 407 TCP_DENIED CONNECT - tcp abcd.my.salesforce.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 WOW64 Trident/7.0 rv:11.0) like Gecko" 172.88.888.2 331 226 - "none" "none" 3128 None 2 +datasource :2020-05-01 23:56:27 2156250 172.12.139.69 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 53194 394127 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:56:20 155 172.91.90.210 - - - OBSERVED "Web Infrastructure" - 200 TCP_TUNNELED CONNECT - tcp sgapi.es.bluecoat.com 443 / - - "Apache-HttpClient/4.5.6 (Java/1.8.0_171)" 172.88.888.2 4734 2944 - "none" "none" 80 Ambiguous%20-%20Special%20Use 3 +datasource :2020-05-01 23:56:20 175856 172.92.999.32 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6802 1562 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 23:56:19 101180 172.54.48.125 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5414 2375 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:56:17 5 172.999.209.182 - - - PROXIED "WhiteList samplewhitelist sample-data-Domains Finance" - 0 - GET - http 
http-proxy.abcd.com 31415 /accelerated_pac_base.pac - pac "Mozilla/4.0 (compatible)" 172.88.888.2 0 145 - "none" "none" 31415 None 3 +datasource :2020-05-01 23:56:17 1 172.888.184.246 - - - OBSERVED "Web Infrastructure" - 206 TCP_HIT GET application/octet-stream http au.download.windowsupdate.com 80 /d/msdownload/update/software/defu/2020/05/am_delta_patch_1.313.2675.0_f789961bacb53b8cb61b9c83c08ac8903e27f8f0.exe - exe "Microsoft BITS/7.8" 172.88.888.2 1571 328 - "Microsoft Update" "Update Software" 80 United%20States 1 +datasource :2020-05-01 23:56:08 147 172.34.27.139 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 12534 610 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:56:06 283 172.92.26.18 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 323365 642 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:56:05 2 172.48.240.138 - - authentication_failed DENIED "WhiteList Business/Economy" - 407 TCP_DENIED GET - http www.concursolutions.com 80 /Images/ConcurLogo.jpg - jpg "Mozilla/4.0 (compatible MSIE 7.0 Windows NT 6.1 WOW64 Trident/7.0 SLCC2 .NET CLR 2.0.50727 .NET CLR 3.5.30729 .NET CLR 3.0.30729 Media Center PC 6.0 .NET4.0C .NET4.0E wbx 1.0.0 Zoom 3.6.0 wbxvdi 1.0.0 Microsoft Outlook 14.0.7236 ms-office MSOffice 14)" 172.88.888.2 2006 666 - "none" "none" 3128 None 2 +datasource :2020-05-01 23:56:03 3034 172.92.250.95 - - - OBSERVED "Content Delivery Networks" - 200 TCP_TUNNELED CONNECT - tcp clients2.googleusercontent.com 443 / - - "Mozilla/5.0 (X11 Linux x86_64 Catchpoint) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" 172.88.888.2 150617 1574 - "none" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 23:55:43 131025 172.888.89.217 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED 
CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6802 1620 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 23:55:43 8 172.168.64.190 - - - OBSERVED "Web Infrastructure" - 304 TCP_MISS GET application/vnd.ms-cab-compressed http ctldl.windowsupdate.com 80 /msdownload/update/v3/static/dataedr/en/authrootstl.cab ?c511fc024b86de6f cab "Microsoft-CryptoAPI/6.1" 172.88.888.2 379 316 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-01 23:55:42 284 172.92.26.18 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 308784 642 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:55:36 663 172.166.186.131 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6405 2196 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 23:55:34 14 172.154.88.40 - - - OBSERVED "Web Infrastructure" - 304 TCP_MISS GET application/vnd.ms-cab-compressed http ctldl.windowsupdate.com 80 /msdownload/update/v3/static/dataedr/en/authrootstl.cab ?a3a8b856587dfeca cab "Microsoft-CryptoAPI/6.1" 172.88.888.2 379 316 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-01 23:55:31 27 172.34.999.249 - - - OBSERVED "WhiteList samplewhitelist sample-data-Domains Finance" - 200 TCP_NC_MISS POST application/json %20charset=utf-8 http my2013.abcd.com 80 /My/rml4/_vti_bin/client.svc/ProcessQuery - - "Mozilla/5.0 (compatible MSIE 172.0 Windows NT 6.2 Trident/6.0 MS FrontPage Sharegate ISV|Sharegate|Desktop/12.2.3.2344|NonInteractive)" 172.88.888.2 1547 2564 - "none" "none" 80 None 3 +datasource :2020-05-01 23:55:26 245 172.49.80.31 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp intake.amp.cisco.com 443 / - - "ImmunetProtect/6.2.9.10881" 172.88.888.2 7536 1473 - "none" "none" 
80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:55:12 121224 172.999.254.148 user12 - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp mboxedge17.tt.omtrdc.net 443 / - - "Mozilla/5.0 (Windows NT 6.1 WOW64 Trident/7.0 rv:11.0) like Gecko" 172.88.888.2 5306 1890 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 3 +datasource :2020-05-01 23:55:08 319 172.92.26.18 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 376052 642 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:54:56 1591515 172.888.174.101 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 39219 414133 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:54:55 94276 172.888.17.108 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5414 2391 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:54:53 51 172.34.250.116 - - - OBSERVED "Technology/Internet" - 200 TCP_NC_MISS GET text/plain %20charset=utf-8 http s.3gl.net 80 /hawkscheduleserver/sn.ashx ?a=s&t=1023985&mg=0&w=202005012355&i=0&n=1&e=0&g= ashx "Mozilla/4.0 (compatible Catchpoint)" 172.88.888.2 165 432 - "none" "none" 80 None 6 +datasource :2020-05-01 23:54:45 30949 172.9.42.44 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7738 2191 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:54:41 2558 172.999.207.85 user1 - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp ups.analytics.yahoo.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 12406 9360 - "none" "none" 3128 
Ambiguous%20-%20Special%20Use 3 +datasource :2020-05-01 23:54:39 1 172.888.65.114 - - - OBSERVED "Office365 Web Infrastructure" - 200 TCP_HIT GET application/pkix-crl http crl.microsoft.com 80 /pki/crl/products/MicWinHarComPCA_2010-11-01.crl - crl "Microsoft-CryptoAPI/6.1" 172.88.888.2 1066 308 - "Office 365 General" "none" 80 United%20States 1 +datasource :2020-05-01 23:54:31 32 172.92.250.48 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.34.40.10 9440 / - - - 172.88.888.2 6076 2082 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-01 23:54:24 6 172.154.100.28 - - - OBSERVED "skipAntiVirus Technology/Internet" - 206 TCP_NC_MISS GET multipart/byteranges %20boundary=3d6b6a416f9b5 http tlu.dl.delivery.mp.microsoft.com 80 /filestreamingservice/files/cdbc263e-e891-4b23-863e-dc9322ebb2d0 ?P1=1588378918&P2=402&P3=2&P4=ITkJWAI%2b48obFFdvAk1VeHCUX%2f37VTkLdhY0BHKuXDhpc%2f%2fihrnrIMVXjunEmqB2gy4AZnMHqe24aSBhfcL%2bMQ%3d%3d - "Microsoft BITS/7.8" 172.88.888.2 24095 496 - "Office 365 General" "none" 80 None 1 +datasource :2020-05-01 23:54:21 16 172.999.192.94 - - authentication_failed DENIED "Web Ads/Analytics" - 407 TCP_DENIED CONNECT - tcp ib.adnxs.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 331 219 - "none" "none" 3128 None 4 +datasource :2020-05-01 23:54:19 1 172.999.249.86 - - - PROXIED "WhiteList samplewhitelist sample-data-Domains Finance" - 0 - GET - http http-proxy.abcd.com 31415 /accelerated_pac_base.pac - pac "WinHttp-Autoproxy-Service/5.1" 172.88.888.2 0 155 - "none" "none" 31415 None 3 +datasource :2020-05-01 23:54:18 170765 172.89.6.98 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 20369 149677 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:54:17 114 172.92.31.62 - - - OBSERVED "doNotAuth Technology/Internet" 
- 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 17270 642 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:54:15 100189 172.888.89.66 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6509 1087 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 23:54:12 2616255 172.12.22.106 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 37487 309798 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:54:12 600218 172.999.201.25 user84 - - OBSERVED "skipAntiVirus WhiteList samplewhitelist sample-data-Domains Finance" - 200 TCP_TUNNELED CONNECT - tcp intfos.sampledata.com 443 / - - "Mozilla/5.0 (Windows NT 172.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" 172.88.888.2 881 1905 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:54:12 60231 172.12.204.123 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp vortex-win.data.microsoft.com 443 / - - - 172.88.888.2 4203 4524 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 23:54:07 45526 172.12.172.101 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp gdrelay.good.com 443 / - - - 172.88.888.2 6887 3259 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:54:05 31070 172.149.116.27 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7737 2713 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:53:59 227 172.999.208.226 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 12960 802 - 
"none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:53:59 9 172.14.888.136 - - authentication_failed DENIED "WhiteList samplewhitelist sample-data-Domains Finance" - 407 TCP_DENIED CONNECT - tcp securefile.abcd.com 443 / - - "CAPI_WINDOWS_5.2.1.1" 172.88.888.2 537 224 - "none" "none" 3128 None 3 +datasource :2020-05-01 23:53:58 30913 172.160.24.52 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7939 4348 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:53:56 63588 172.888.182.203 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 9157 6443 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:53:53 65390 172.3.999.175 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 5403 10800 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:53:50 106749 172.888.186.76 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5414 2391 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:53:42 1 172.80.34.88 - - authentication_failed DENIED "allowExternalStorage Office365 File Storage/Sharing Office/Business Applications" - 407 TCP_DENIED CONNECT - tcp abcd-my.sharepoint.com 443 / - - - 172.88.888.2 537 170 - "Office 365 SharePoint" "none" 3128 None 2 +datasource :2020-05-01 23:53:38 198 172.90.14.99 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp ncu.frontend.clouddatahub.net 443 / - - - 172.88.888.2 8978 3643 - "none" "none" 443 Ambiguous%20-%20Special%20Use 6 +datasource :2020-05-01 23:53:32 1277510 172.124.48.62 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp 
xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 17337 88218 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:53:31 3450 172.999.204.182 user17 - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp gov.aniview.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 6484 1781 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:53:24 87000 172.888.223.132 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5238 3164 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:53:08 861 172.168.5.156 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.160.26.8 9440 / - - "Java/1.8.0_191" 172.88.888.2 3980 969 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-01 23:53:08 359 172.92.21.132 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.92.250.3 9440 / - - "Java/1.8.0_191" 172.88.888.2 3941 1000 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-01 23:53:08 30986 172.3.198.70 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7738 2187 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:53:06 1 172.91.19.111 - - authentication_failed DENIED "Technology/Internet" - 407 TCP_DENIED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 298 159 - "none" "none" 80 None 2 +datasource :2020-05-01 23:53:00 536 172.999.192.94 user2 - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp t.myvisualiq.net 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 215 795 - "none" "none" 3128 
Ambiguous%20-%20Special%20Use 3 +datasource :2020-05-01 23:52:58 1681 172.999.231.94 user13 - - OBSERVED "WhiteList Search Engines/Portals" - 200 TCP_TUNNELED CONNECT - tcp encrypted-tbn1.gstatic.com 443 / - - "Mozilla/5.0 (Windows NT 172.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 502925 1618 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 23:52:41 41 172.80.34.88 user12 - authentication_failed DENIED "allowExternalStorage Office365 File Storage/Sharing Office/Business Applications" - 407 TCP_DENIED CONNECT - tcp abcd-my.sharepoint.com 443 / - - - 172.88.888.2 252 814 - "Office 365 SharePoint" "none" 3128 None 2 +datasource :2020-05-01 23:52:39 113 172.8.240.143 - - - OBSERVED "Web Infrastructure" - 304 TCP_MISS GET application/vnd.ms-cab-compressed http ctldl.windowsupdate.com 80 /msdownload/update/v3/static/dataedr/en/disallowedcertstl.cab ?6ee30209c1a808c5 cab "Microsoft-CryptoAPI/6.1" 172.88.888.2 372 364 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-01 23:52:33 151 172.48.230.7 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 12382 889 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:52:31 415 172.48.22.84 user99 - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp analytics.myfidevs.io 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" 172.88.888.2 674 4292 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-01 23:52:30 1027326 172.70.2.174 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 54819 362453 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:52:29 118999 172.32.229.135 - - - OBSERVED "Technology/Internet" - 200 
TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 4678 6232 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:52:10 287 172.999.222.117 user6 - - OBSERVED "allowExternalStorage Office365 File Storage/Sharing Office/Business Applications" - 200 TCP_TUNNELED CONNECT - tcp abcd-my.sharepoint.com 443 / - - - 172.88.888.2 7754 2916 - "Office 365 SharePoint" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 23:52:09 3 172.173.43.24 - - - OBSERVED "missCategorizedURL WhiteList samplewhitelist Technology/Internet" - 200 TCP_NC_MISS HEAD application/octet-stream http dl.delivery.mp.microsoft.com 80 /filestreamingservice/files/64ab7b8a-f825-42ee-9dbc-5aa67f89fb40 - - "Microsoft BITS/7.8" 172.88.888.2 358 255 - "Office 365 General" "none" 80 None 1 +datasource :2020-05-01 23:52:03 715 172.32.59.22 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp api.loganalytics.io 443 / - - "Apache-HttpClient/4.5.9 (Java/1.8.0_252)" 172.88.888.2 6405 2357 - "none" "none" 80 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-01 23:51:59 1 172.80.34.88 - - authentication_failed DENIED "allowExternalStorage Office365 File Storage/Sharing Office/Business Applications" - 407 TCP_DENIED CONNECT - tcp abcd-my.sharepoint.com 443 / - - - 172.88.888.2 331 81 - "Office 365 SharePoint" "none" 3128 None 2 +datasource :2020-05-01 23:51:54 136960 172.999.193.84 user1 - - OBSERVED "WhiteList Office/Business Applications" - 200 TCP_TUNNELED CONNECT - tcp ocws.officeapps.live.com 443 / - - - 172.88.888.2 8524 5812 - "Office 365 General" "none" 3128 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 23:51:50 3 172.48.80.5 - - authentication_failed DENIED "WhiteList samplewhitelist sample-data-Domains Finance" - 407 TCP_DENIED CONNECT - tcp securefile.abcd.com 443 / - - "CAPI_WINDOWS_8.0.2.2" 172.88.888.2 537 224 - "none" "none" 3128 None 3 +datasource :2020-05-01 22:52:43 1 172.80.12.143 - - 
authentication_failed DENIED "WhiteList Technology/Internet" - 407 TCP_DENIED CONNECT - tcp clientservices.googleapis.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 331 253 - "none" "none" 3128 None 1 +datasource :2020-05-01 22:52:32 420 172.198.52.140 - - - OBSERVED "Web Infrastructure" - 304 TCP_MISS GET application/vnd.ms-cab-compressed http ctldl.windowsupdate.com 80 /msdownload/update/v3/static/dataedr/en/disallowedcertstl.cab ?00721515164ca752 cab "Microsoft-CryptoAPI/6.1" 172.88.888.2 429 364 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-01 22:52:31 104398 172.999.232.131 user59 - - OBSERVED "doNotCache skipAntiVirus WhiteList Online Meetings" - 200 TCP_TUNNELED CONNECT - tcp abcd.webex.com 443 / - - "Mozilla/5.0 (Windows NT 172.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.88863" 172.88.888.2 15211 4821 - "Cisco WebEx" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:52:31 73329 172.888.175.19 - - tcp_error DENIED "none" - 503 TCP_ERR_MISS GET - http 169.254.169.254 80 /metadata/instance ?api-version=2017-12-01 - - 172.88.888.2 1519 119 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-01 22:52:28 7058 172.34.999.93 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 15712 175282 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:52:10 1 172.172.88.139 - - - OBSERVED "Office365 Web Infrastructure" - 200 TCP_HIT GET application/pkix-crl http crl.microsoft.com 80 /pki/crl/products/MicWinHarComPCA_2010-11-01.crl - crl "Microsoft-CryptoAPI/6.1" 172.88.888.2 1066 308 - "Office 365 General" "none" 80 United%20States 1 +datasource :2020-05-01 22:52:08 106 172.124.22.1 - - - OBSERVED "Finance" - 200 TCP_TUNNELED CONNECT - tcp 
las608.api.fraudmap.net 443 / - - "Jakarta Commons-HttpClient/3.1" 172.88.888.2 46 339 - "none" "none" 443 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-01 22:52:01 1 172.12.43.60 - - tcp_error DENIED "none" - 503 TCP_ERR_MISS CONNECT - tcp 127.0.0.1 18089 / - - - 172.88.888.2 185 53 - "none" "none" 443 Ambiguous%20-%20Special%20Use none +datasource :2020-05-01 22:51:30 100283 172.38.12.217 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6509 1045 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 22:51:29 60252 172.34.65.104 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp settings-win.data.microsoft.com 443 / - - - 172.88.888.2 4172 2102 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 22:51:19 89543 172.999.194.18 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp sampledata.perfectomobile.com 443 / - - "okhttp/3.11.0" 172.88.888.2 438617 29873 - "none" "none" 80 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-01 22:51:06 514 172.999.198.255 user33 - - OBSERVED "WhiteList Office/Business Applications" - 200 TCP_TUNNELED CONNECT - tcp roaming.officeapps.live.com 443 / - - - 172.88.888.2 7311 9358 - "Office 365 General" "none" 3128 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 22:51:03 3 172.34.250.116 - - tcp_error DENIED "none" - 503 TCP_ERR_MISS GET - http 0.0.0.0 50129 / - - "Mozilla/5.0 (X11 Linux x86_64 Catchpoint) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" 172.88.888.2 1487 251 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-01 22:50:43 1113 172.999.193.106 user11 - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp crcdn01.adnxs.com 443 / - - "Mozilla/5.0 (Windows NT 172.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 
Safari/537.36" 172.88.888.2 9525 12163 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:50:38 10394 172.999.194.2 - - - OBSERVED "doNotAuth Finance" - 200 TCP_TUNNELED CONNECT - tcp www.fundsaum.amgr.sungard.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 1227 1894 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 3 +datasource :2020-05-01 22:50:34 479 172.92.30.78 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 666921 642 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:50:16 5 172.999.211.56 - - authentication_failed DENIED "Office365 Office/Business Applications" - 407 TCP_DENIED CONNECT - tcp nexusrules.officeapps.live.com 443 / - - - 172.88.888.2 331 97 - "Office 365 General" "none" 3128 None 1 +datasource :2020-05-01 22:50:13 155 172.999.208.127 - - authentication_failed DENIED "Content Delivery Networks" - 407 TCP_DENIED CONNECT - tcp confiant-integrations.global.ssl.fastly.net 443 / - - "Mozilla/5.0 (Windows NT 172.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 331 282 - "none" "none" 3128 None 2 +datasource :2020-05-01 22:50:12 23 172.888.70.20 user67 - - OBSERVED "WhiteList samplewhitelist sample-data-Domains Finance" - 200 TCP_TUNNELED CONNECT - tcp abcd.com 443 / - - - 172.88.888.2 4567 764 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 3 +datasource :2020-05-01 22:50:06 303 172.999.236.81 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp winatp-gw-eus.microsoft.com 443 / - - - 172.88.888.2 6405 2188 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 22:49:58 31009 172.68.12.220 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 
172.88.888.2 7738 2193 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:49:54 1 172.80.34.149 - - authentication_failed DENIED "WhiteList Technology/Internet" - 407 TCP_DENIED CONNECT - tcp clientservices.googleapis.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 331 253 - "none" "none" 3128 None 1 +datasource :2020-05-01 22:49:51 71540 172.12.84.194 - - - OBSERVED "doNotCache skipAntiVirus WhiteList samplewhitelist Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp abcd.service-now.com 443 / - - "Jakarta Commons-HttpClient/3.1" 172.88.888.2 18051 8473 - "none" "none" 443 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:49:44 9134 172.999.222.125 user35 - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp wf.taboola.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" 172.88.888.2 6121 7617 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 3 +datasource :2020-05-01 22:49:42 379 172.999.203.231 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp us-v20.events.data.microsoft.com 443 / - - - 172.88.888.2 4833 13837 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 22:49:39 257191 172.92.243.53 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp gdrelay.good.com 443 / - - - 172.88.888.2 4660 1197 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:49:34 119 172.92.28.66 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 11414 642 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:49:21 2 172.54.42.209 - - authentication_failed DENIED "WhiteList samplewhitelist Technology/Internet" - 407 TCP_DENIED CONNECT - tcp fonts.googleapis.com 
443 / - - "Mozilla/5.0 (Windows NT 172.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36" 172.88.888.2 331 236 - "none" "none" 3128 None 1 +datasource :2020-05-01 22:49:20 15 172.12.46.110 - - authentication_failed DENIED "samplewhitelist Finance" - 407 TCP_DENIED CONNECT - tcp ark03.uat.omnium.com 443 / - - "AlexK/2.0 (.NET CLR 3.5.30729)" 172.88.888.2 532 251 - "none" "none" 3128 None 4 +datasource :2020-05-01 22:49:14 31928 172.89.130.21 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7663 1667 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:49:13 309 172.888.211.888 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp eus2-jobruntimedata-prod-su1.azure-automation.net 443 / - - "SignalR.Client.NetStandard/2.4.0.0 (Microsoft Windows NT 6.2.9200.0)" 172.88.888.2 14786 2722 - "none" "none" 80 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-01 22:49:12 3 172.888.54.162 - - authentication_failed DENIED "Web Ads/Analytics" - 407 TCP_DENIED CONNECT - tcp api.segment.io 443 / - - "Mozilla/5.0 (Windows NT 6.1 WOW64 Trident/7.0 rv:11.0) like Gecko" 172.88.888.2 537 299 - "none" "none" 3128 None 3 +datasource :2020-05-01 22:49:11 283 172.92.24.13 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 297259 642 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:49:11 124286 172.888.218.140 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5414 2391 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:49:06 123512 172.12.139.42 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 7001 2406 - "none" "none" 80 
Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:49:06 76059 172.888.204.193 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 4678 4236 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:48:55 373 172.999.231.86 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 25210 889 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:48:53 120736 172.888.145.234 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 5414 2391 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:48:51 7 172.888.0.246 - - - PROXIED "WhiteList samplewhitelist sample-data-Domains Finance" - 0 - GET - http http-proxy.abcd.com 31415 /accelerated_pac_base.pac - pac "Mozilla/5.0 (Windows NT 172.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36" 172.88.888.2 0 260 - "none" "none" 31415 None 3 +datasource :2020-05-01 22:48:31 127235 172.999.219.228 user48 - - OBSERVED "Office365 Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp mobile.pipe.aria.microsoft.com 443 / - - "AriaSDK Client" 172.88.888.2 6616 2859 - "Office 365 General" "none" 3128 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 22:48:29 31061 172.80.38.64 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7663 1667 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:48:26 1503388 172.92.211.173 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 30012 271402 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:24:44 30 172.999.193.132 - - 
authentication_failed DENIED "allowExternalStorage Office365 File Storage/Sharing Office/Business Applications" - 407 TCP_DENIED CONNECT - tcp abcd-my.sharepoint.com 443 / - - "Microsoft Office Excel/16.36.413 (Mac OS/172.14.6 Desktop en-US AppStore Apple/MacBookPro14,2)" 172.88.888.2 252 375 - "Office 365 SharePoint" "none" 3128 None 2 +datasource :2020-05-01 22:24:44 320 172.34.1.200 - - - OBSERVED "Business/Economy" - 200 TCP_TUNNELED CONNECT - tcp insights.nutanix.com 443 / - - - 172.88.888.2 3947 3458 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:24:42 289 172.999.197.12 user13 - - OBSERVED "allowExternalStorage Office365 File Storage/Sharing Office/Business Applications" - 200 TCP_TUNNELED CONNECT - tcp abcd-my.sharepoint.com 443 / - - - 172.88.888.2 16262 3273 - "Office 365 SharePoint" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:24:41 674 172.999.224.206 user46 - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp app.link 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 819 1435 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 5 +datasource :2020-05-01 22:24:41 60618 172.172.114.41 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp vortex-win.data.microsoft.com 443 / - - - 172.88.888.2 4203 4688 - "Office 365 General" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 22:24:38 2019 172.999.224.206 user46 - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp match.adsrvr.org 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 6899 3696 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:24:36 1767 172.999.224.206 user46 - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp ml314.com 443 / - - "Mozilla/5.0 (Windows NT 
6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 1120 1643 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 3 +datasource :2020-05-01 22:24:36 88081 172.999.209.95 user1 - - OBSERVED "WhiteList Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp clientservices.googleapis.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 1201 2119 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 22:24:33 130 172.34.27.201 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 11504 669 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:24:32 32460 172.197.137.37 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7939 2855 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:24:29 121006 172.80.5.25 user6 - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp portal.catchpoint.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 WOW64 Trident/7.0 rv:11.0) like Gecko" 172.88.888.2 12905 9480 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 3 +datasource :2020-05-01 22:24:16 107873 172.888.146.45 - - - OBSERVED "Content Delivery Networks" - 200 TCP_TUNNELED CONNECT - tcp scadvisorcontent.blob.core.windows.net 443 / - - - 172.88.888.2 48604 1014 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:24:16 152 172.888.35.201 user3 - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp sync.mathtag.com 443 / - - "Mozilla/5.0 (Windows NT 6.1 WOW64 Trident/7.0 rv:11.0) like Gecko" 172.88.888.2 3959 1162 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:24:15 1425 172.172.5.133 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.160.154.2 
9440 / - - "Java/1.8.0_191" 172.88.888.2 3492 78134 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-01 22:24:11 240312 172.999.216.146 user1 - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp collector-pxu6b0qd2s.px-cloud.net 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 1768 3033 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 5 +datasource :2020-05-01 22:24:04 41261 172.3.186.199 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7939 3563 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:23:53 273 172.92.26.126 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 262257 679 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:23:51 126493 172.68.2.22 - - - OBSERVED "missCategorizedURL WhiteList samplewhitelist Web Infrastructure" - 200 TCP_TUNNELED CONNECT - tcp fe2.update.microsoft.com 443 / - - - 172.88.888.2 21946 23283 - "Microsoft Update" "Update Software" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 22:23:47 343 172.888.16.234 user52 - - OBSERVED "Finance" http://207.45.34.1/SecurityDetailInquiry/home.do?cusip=8796V4E57&activity=&key=&option=99 304 TCP_MISS GET image/gif http 207.45.34.1 80 /SecurityDetailInquiry/static/Images/funcSubmit.gif - gif "Mozilla/5.0 (Windows NT 6.1 WOW64 Trident/7.0 rv:11.0) like Gecko" 172.88.888.2 448 1030 - "none" "none" 3128 None 3 +datasource :2020-05-01 22:23:46 1924 172.172.11.143 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.160.154.2 9440 / - - "Java/1.8.0_191" 172.88.888.2 6187 967 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-01 22:23:46 973 172.92.62.15 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - 
tcp api.loganalytics.io 443 / - - "Apache-HttpClient/4.5.9 (Java/1.8.0_252)" 172.88.888.2 6405 2344 - "none" "none" 80 Ambiguous%20-%20Special%20Use 4 +datasource :2020-05-01 22:23:46 31098 172.888.70.187 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7939 2175 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:23:43 31041 172.888.145.58 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp cloud-ec-asn.amp.cisco.com 443 / - - - 172.88.888.2 7939 2859 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:23:41 50 172.92.41.82 - - - OBSERVED "none" - 200 TCP_TUNNELED CONNECT - tcp 172.92.250.4 9440 / - - "Java/1.8.0_191" 172.88.888.2 3498 24628 - "none" "none" 80 Ambiguous%20-%20Special%20Use none +datasource :2020-05-01 22:23:31 187 172.999.192.23 user2 - - OBSERVED "WhiteList Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp googleads.g.doubleclick.net 443 / - - "Mozilla/5.0 (Windows NT 6.1 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 172.88.888.2 39 249 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:23:30 1 172.999.235.32 - - authentication_failed DENIED "Office365 Internet Telephony Chat (IM)/SMS" - 407 TCP_DENIED CONNECT - tcp config.edge.skype.com 443 / - - - 172.88.888.2 331 79 - "Office 365 Skype for Business" "none" 3128 None 2 +datasource :2020-05-01 22:23:30 389955 172.91.19.130 user201$ - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.ods.opinsights.azure.com 443 / - - - 172.88.888.2 11812 50090 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:23:16 5 172.999.214.143 user20 - TNT_BlockPage DENIED "Technology/Internet File Storage/Sharing" - 403 TCP_DENIED CONNECT - tcp scss.adobesc.com 443 / - - "CoreSync/4.3.36.1 AdobeACSLEng/1.00 (ACLSEng Mac)" 
172.88.888.2 185 182 - "none" "none" 3128 None 2 +datasource :2020-05-01 22:23:08 96841 172.999.248.244 user62 - - OBSERVED "Office365 Office/Business Applications" - 200 TCP_TUNNELED CONNECT - tcp nexusrules.officeapps.live.com 443 / - - - 172.88.888.2 8654 1215 - "Office 365 General" "none" 3128 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 22:23:03 2838 172.34.250.116 - - - OBSERVED "WhiteList Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp clientservices.googleapis.com 443 / - - "Mozilla/5.0 (X11 Linux x86_64 Catchpoint) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" 172.88.888.2 60209 969 - "none" "none" 80 Ambiguous%20-%20Special%20Use 1 +datasource :2020-05-01 22:22:56 106451 172.124.49.120 - - - OBSERVED "Web Ads/Analytics" - 200 TCP_TUNNELED CONNECT - tcp cdn.branch.io 443 / - - "abcd-web-crawler-face-value" 172.88.888.2 28792 659 - "none" "none" 443 Ambiguous%20-%20Special%20Use 5 +datasource :2020-05-01 22:22:56 362650 172.124.49.120 - - - OBSERVED "WhiteList News" - 200 TCP_TUNNELED CONNECT - tcp medium.com 443 / - - "abcd-web-crawler-face-value" 172.88.888.2 43614 10663 - "none" "none" 443 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:22:56 129551 172.888.94.152 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 6912 6523 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:22:53 1 172.888.160.237 - - - OBSERVED "Office365 Web Infrastructure" - 200 TCP_HIT GET application/pkix-crl http crl.microsoft.com 80 /pki/crl/products/WinPCA.crl - crl "Microsoft-CryptoAPI/6.1" 172.88.888.2 1008 289 - "Office 365 General" "none" 80 Australia 1 +datasource :2020-05-01 22:22:51 92347 172.51.191.90 - - - OBSERVED "Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp xxx-xxxx-xxxx-xxxx.oms.opinsights.azure.com 443 / - - - 172.88.888.2 4678 5084 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 
+datasource :2020-05-01 22:22:51 8 172.888.78.44 - - - OBSERVED "Web Infrastructure" - 304 TCP_MISS GET application/vnd.ms-cab-compressed http ctldl.windowsupdate.com 80 /msdownload/update/v3/static/dataedr/en/authrootstl.cab ?45b43bdbf3decd02 cab "Microsoft-CryptoAPI/6.1" 172.88.888.2 379 316 - "Microsoft Update" "Update Software" 80 None 1 +datasource :2020-05-01 22:22:49 140 172.34.24.125 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 11504 669 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:22:48 509 172.34.24.125 - - - OBSERVED "doNotAuth Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp tetra-defs.amp.cisco.com 443 / - - - 172.88.888.2 11504 669 - "none" "none" 80 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:22:47 142 172.999.198.142 user35 - - OBSERVED "WhiteList samplewhitelist sample-data-Domains Finance" - 200 TCP_TUNNELED CONNECT - tcp abcd.com 443 / - - - 172.88.888.2 5050 765 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 3 +datasource :2020-05-01 22:22:42 4987 172.48.121.165 user2 - - OBSERVED "Finance" - 200 TCP_TUNNELED CONNECT - tcp my.apps.factset.com 443 / - - - 172.88.888.2 4328 2684 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:22:36 64102 172.124.49.120 - - - OBSERVED "Business/Economy" - 200 TCP_TUNNELED CONNECT - tcp collector-medium.lightstep.com 443 / - - "abcd-web-crawler-face-value" 172.88.888.2 6256 6544 - "none" "none" 443 Ambiguous%20-%20Special%20Use 2 +datasource :2020-05-01 22:22:34 257 172.999.196.166 user6 - - OBSERVED "WhiteList Technology/Internet" - 200 TCP_TUNNELED CONNECT - tcp update.googleapis.com 443 / - - - 172.88.888.2 4757 2028 - "none" "none" 3128 Ambiguous%20-%20Special%20Use 1 \ No newline at end of file 
diff --git a/Tools/Syslog-cef-data-replicator/Sample Data/VMWareESXIRaw.log b/Tools/Syslog-cef-data-replicator/Sample Data/VMWareESXIRaw.log
new file mode 100644
index 00000000000..9b687fb17ab
--- /dev/null
+++ b/Tools/Syslog-cef-data-replicator/Sample Data/VMWareESXIRaw.log
@@ -0,0 +1,675 @@ +SAMPLEHOST0001 Skipping device naa.60000970000292605361533031323730 either due to VSI read error or abnormal state +SAMPLEHOST0001 Skipping device naa.60000970000292605361533031423439 either due to VSI read error or abnormal state +SAMPLEHOST0001 Skipping device naa.60000970000292605361533031423444 either due to VSI read error or abnormal state +SAMPLEHOST0001 Skipping device naa.60000970000292605361533031323637 either due to VSI read error or abnormal state +SAMPLEHOST0001 Skipping device naa.60000970000292605361533030424336 either due to VSI read error or abnormal state +SAMPLEHOST0002 Skipping device naa.60000970000292605361533031323730 either due to VSI read error or abnormal state +SAMPLEHOST0002 info vpxa[9B66B70] [Originator@6876 sub=VpxaHalResourcePool opID=SWI-1263f955] GetOverrideFailureCount() = 0 MAX_CONSECUTIVE_OVERRIDE_FAILURES = 3 +SAMPLEHOST0002 IpmiIfcSensorGetThresholds: Sensor Number = 0x21, failed send cc = 0xc3 +SAMPLEHOST0003 IpmiIfcSensorGetThresholds: getHysteresis(132, 16, true) returned cc = 203 +SAMPLEHOST0003 IpmiIfcSensorGetThresholds: getHysteresis(132, 16, true) returned cc = 203 +SAMPLEHOST0003 info vpxa[72BEB70] [Originator@6876 sub=VpxaHalResourcePool opID=SWI-19708715] GetOverrideFailureCount() = 0 MAX_CONSECUTIVE_OVERRIDE_FAILURES = 3 +SAMPLEHOST0004 Skipping device naa.60000970000292605361533030424341 either due to VSI read error or abnormal state +SAMPLEHOST0004 Skipping device naa.60000970000292605361533031323730 either due to VSI read error or abnormal state +SAMPLEHOST0004 Skipping device naa.60000970000292605361533031314636 either due to VSI read error or abnormal state +SAMPLEHOST0004 Skipping device naa.60000970000292605361533031423439 either due to VSI read error or abnormal state +SAMPLEHOST0004 Skipping device naa.60000970000292605361533031314645 either due to VSI read error or abnormal state +SAMPLEHOST0004 Skipping device naa.60000970000292605361533031423444 either due to VSI read error or abnormal 
state +SAMPLEHOST0004 Skipping device naa.60000970000292605361533030424341 either due to VSI read error or abnormal state +SAMPLEHOST0004 Skipping device naa.60000970000292605361533031323730 either due to VSI read error or abnormal state +SAMPLEHOST0004 Skipping device naa.60000970000292605361533031314636 either due to VSI read error or abnormal state +SAMPLEHOST0004 Skipping device naa.60000970000292605361533031423439 either due to VSI read error or abnormal state +SAMPLEHOST0004 Skipping device naa.60000970000292605361533031314645 either due to VSI read error or abnormal state +SAMPLEHOST0004 Skipping device naa.60000970000292605361533031423444 either due to VSI read error or abnormal state +SAMPLEHOST0004 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0004 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0005 IpmiIfcSensorGetThresholds: getHysteresis(192, 17, true) returned cc = 203 +SAMPLEHOST0005 IpmiIfcSensorGetThresholds: getHysteresis(192, 17, true) returned cc = 203 +SAMPLEHOST0005 IpmiIfcSensorGetThresholds: getHysteresis(192, 17, true) returned cc = 203 +SAMPLEHOST0005 IpmiIfcSensorGetThresholds: getHysteresis(192, 17, true) returned cc = 203 +SAMPLEHOST0005 Skipping device naa.60000970000292605361533030424341 either due to VSI read error or abnormal state +SAMPLEHOST0005 Skipping device naa.60000970000292605361533031323730 either due to VSI read error or abnormal state +SAMPLEHOST0005 Skipping device naa.60000970000292605361533031314636 either due to VSI read error or abnormal state +SAMPLEHOST0005 Skipping device naa.60000970000292605361533031423439 either due to VSI read error or abnormal state +SAMPLEHOST0005 Skipping device naa.60000970000292605361533031314645 either due to VSI read error or abnormal state +SAMPLEHOST0005 Skipping device naa.60000970000292605361533031423444 either due to VSI read error or abnormal state +SAMPLEHOST0005 IpmiIfcSensorGetThresholds: Sensor Number = 
0x21, failed send cc = 0xc3 +SAMPLEHOST0006.sample.com info vpxa[758CB70] [Originator@6876 sub=vpxLro opID=330ebd8-12] [VpxLRO] -- BEGIN lro-150682 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 5245fd50-dea4-6d3f-f1ca-b878576f45a6 +SAMPLEHOST0006.sample.com info hostd[10481B70] [Originator@6876 sub=Hostsvc.DvsTracker opID=ab73dcbc user=vpxuser] FetchUplinkDVPortgroups: Appended uplinkPg for dvs 50 33 0a a7 d5 34 2d a0-99 52 6e c5 8f c7 1e 41 portgroup dvportgroup-89934 +SAMPLEHOST0006.sample.com info hostd[10481B70] [Originator@6876 sub=Hostsvc.DvsTracker opID=ab73dcbc user=vpxuser] FetchUplinkDVPortgroups: Appended uplinkPg for dvs 50 33 97 b4 96 b1 c5 42-c7 0e 58 7f 3e ec 29 45 portgroup dvportgroup-114164 +SAMPLEHOST0006.sample.com info hostd[10481B70] [Originator@6876 sub=Hostsvc.DvsTracker opID=ab73dcbc user=vpxuser] FetchUplinkDVPortgroups: Appended uplinkPg for dvs 50 33 c3 27 21 a5 ce 21-08 37 8f 0b 9e c7 94 ba portgroup dvportgroup-89936 +SAMPLEHOST0006.sample.com info hostd[10481B70] [Originator@6876 sub=Hostsvc.DvsTracker opID=ab73dcbc user=vpxuser] FetchUplinkDVPortgroups: Appended uplinkPg for dvs 50 33 c7 24 e5 61 1f 96-b6 42 bf 52 18 97 f4 2d portgroup dvportgroup-114166 +SAMPLEHOST0006.sample.com info hostd[10481B70] [Originator@6876 sub=Hostsvc.DvsTracker opID=ab73dcbc user=vpxuser] FetchUplinkDVPortgroups: added 6 items +SAMPLEHOST0008 Skipping device naa.6000144000000010a00cbd8559574a7d either due to VSI read error or abnormal state +SAMPLEHOST0008 Skipping device naa.6000144000000010a00cbd8559574a7f either due to VSI read error or abnormal state +SAMPLEHOST0008 Skipping device naa.6000144000000010a00cbd8559575345 either due to VSI read error or abnormal state +SAMPLEHOST0008 Skipping device naa.6000144000000010a00cbd8559574a81 either due to VSI read error or abnormal state +SAMPLEHOST0008 Skipping device naa.6000144000000010a00cbd85595752ba either due to VSI read error or abnormal state +SAMPLEHOST0008 Skipping device 
naa.6000144000000010a00cbd85595752bc either due to VSI read error or abnormal state +SAMPLEHOST009 warning fdm[8250B70] [Originator@6876 sub=Cluster] [HostPing::Ping] sendto[ipv4] 10.107.51.214: Host is down +SAMPLEHOST009 IpmiIfcSensorGetThresholds: getHysteresis(24, 12, true) returned cc = 203 +SAMPLEHOST009 warning fdm[810BB70] [Originator@6876 sub=Cluster] [HostPing::Ping] sendto[ipv4] 10.107.51.214: Host is down +SAMPLEHOST0021 cpu28:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only removed from FT[NON-TUNNEL: idx 26] queue [1] +SAMPLEHOST0021 cpu28:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:a7:51:a3 +SAMPLEHOST0021 cpu28:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only applied on FT[NON-TUNNEL: idx 26] queue [0] +SAMPLEHOST0021 cpu28:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:a7:51:a3 +SAMPLEHOST0021 info vpxa[102E1B70] [Originator@6876 sub=vpxLro opID=HB-host-142278@3429892-48312a44-f] [VpxLRO] -- BEGIN session[52ad7951-bc59-c623-3df8-7feea3da3c32]5237d512-3b33-e8ce-57d2-2e2541991904 -- vpxa -- vpxapi.VpxaService.retrieveChanges -- 52ad7951-bc59-c623-3df8-7feea3da3c32 +SAMPLEHOST0021 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0021 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0021 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0021 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0021 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0021 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0021 cpu32:65933) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only removed 
from FT[NON-TUNNEL: idx 31] queue [2] +SAMPLEHOST0021 cpu32:65933) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:b9:00:5d +SAMPLEHOST0021 cpu32:65933) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only applied on FT[NON-TUNNEL: idx 31] queue [0] +SAMPLEHOST0021 cpu32:65933) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:b9:00:5d +SAMPLEHOST0021 [netlogon] Looking for a DC in domain 'SMPL.samplecompanyGROUP.NET', site '' with flags 100 +SAMPLEHOST0021 [netlogon] Looking for a DC in domain 'SMPL.samplecompanygroup.net', site '' with flags 100 +SAMPLEHOST0021 [netlogon] Looking for a DC in domain 'SMPL.samplecompanygroup.net', site '' with flags 140 +SAMPLEHOST0021 [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 100 +SAMPLEHOST0021 [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 140 +SAMPLEHOST0021 [netlogon] Looking for a DC in domain 'AUTOMIS', site '' with flags 100 +SAMPLEHOST0021 [netlogon] Looking for a DC in domain '', site '' with flags 140 +SAMPLEHOST0021 [netlogon] Looking for a DC in domain 'uk.consignia.com', site '' with flags 100 +SAMPLEHOST0021 [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 140 +SAMPLEHOST0021 [netlogon] Looking for a DC in domain 'ukdev.uk.consignia.com', site '' with flags 100 +SAMPLEHOST0021 [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 140 +SAMPLEHOST0021 [netlogon] Looking for a DC in domain 'SMPL.samplecompanyGROUP.NET', site '' with flags 0 +SAMPLEHOST0021 cpu1:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only removed from FT[NON-TUNNEL: idx 26] queue [1] +SAMPLEHOST0021 cpu1:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:a7:51:a3 +SAMPLEHOST0021 
cpu1:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only applied on FT[NON-TUNNEL: idx 26] queue [0] +SAMPLEHOST0021 cpu1:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:a7:51:a3 +SAMPLEHOST0021 cpu36:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only removed from FT[NON-TUNNEL: idx 26] queue [1] +SAMPLEHOST0021 cpu36:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:a7:51:a3 +SAMPLEHOST0021 cpu36:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only applied on FT[NON-TUNNEL: idx 26] queue [0] +SAMPLEHOST0021 cpu36:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:a7:51:a3 +SAMPLEHOST0021 cpu28:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only removed from FT[NON-TUNNEL: idx 26] queue [0] +SAMPLEHOST0021 cpu28:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:a7:51:a3 +SAMPLEHOST0021 cpu28:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only applied on FT[NON-TUNNEL: idx 26] queue [1] +SAMPLEHOST0021 cpu28:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:a7:51:a3 +SAMPLEHOST0021 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0021 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0021 cpu2:65933) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only removed from FT[NON-TUNNEL: idx 45] queue [4] +SAMPLEHOST0021 cpu2:65933) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) 
filter info: MAC 00:50:56:a7:37:69 +SAMPLEHOST0021 cpu2:65933) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only applied on FT[NON-TUNNEL: idx 45] queue [0] +SAMPLEHOST0021 cpu2:65933) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:a7:37:69 +SAMPLEHOST0021 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0021 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0021 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0021 info vpxa[DEC9B70] [Originator@6876 sub=vpxLro opID=HB-host-142278@3429324-3830041e-e6] [VpxLRO] -- BEGIN session[52ad7951-bc59-c623-3df8-7feea3da3c32]5274a964-2a71-e090-c27a-7743cd079d67 -- vpxa -- vpxapi.VpxaService.retrieveChanges -- 52ad7951-bc59-c623-3df8-7feea3da3c32 +SAMPLEHOST0021 info vpxa[F05DB70] [Originator@6876 sub=vpxLro opID=HB-host-142278@3429324-3830041e-e6-SWI-be28feb] [VpxLroList::ForgetTask] Unregistering vim.Task:session[52ad7951-bc59-c623-3df8-7feea3da3c32]521ea5f1-9160-060e-ca6f-1633a5a0953e +SAMPLEHOST0021 info vpxa[DEC9B70] [Originator@6876 sub=vpxLro opID=HB-host-142278@3429324-3830041e-e6] [VpxLRO] -- FINISH session[52ad7951-bc59-c623-3df8-7feea3da3c32]5274a964-2a71-e090-c27a-7743cd079d67 +SAMPLEHOST0021 info vpxa[ED0BB70] [Originator@6876 sub=vpxLro opID=HB-host-142278@3429324-3830041e-45] [VpxLRO] -- BEGIN lro-1859700 -- session[52ad7951-bc59-c623-3df8-7feea3da3c32]52d8c89c-2636-23a7-0a06-ac5cc121192f -- vmodl.query.PropertyCollector.Filter.destroy -- 52ad7951-bc59-c623-3df8-7feea3da3c32 +SAMPLEHOST0021 info vpxa[ED0BB70] [Originator@6876 sub=vpxLro opID=HB-host-142278@3429324-3830041e-45] [VpxLRO] -- FINISH lro-1859700 +SAMPLEHOST0021 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0021 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0021 cpu0:65933) 
nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only removed from FT[NON-TUNNEL: idx 26] queue [0] +SAMPLEHOST0021 cpu0:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:a7:51:a3 +SAMPLEHOST0021 cpu0:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only applied on FT[NON-TUNNEL: idx 26] queue [1] +SAMPLEHOST0021 cpu0:65933) nmlx5_core: vmnic0: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:a7:51:a3 +SAMPLEHOST0021 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0022.sample.com info vpxa[7E1AB70] [Originator@6876 sub=vpxLro opID=3d786b15-bc] [VpxLRO] -- BEGIN lro-2372301 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 5206c336-5126-0689-f047-d811913e8897 +SAMPLEHOST0023.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0023.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0023.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0023.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0024.sample.com cpu133:65933) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only removed from FT[NON-TUNNEL: idx 23] queue [1] +SAMPLEHOST0024.sample.com cpu133:65933) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:a7:45:68 +SAMPLEHOST0024.sample.com cpu133:65933) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only applied on FT[NON-TUNNEL: idx 23] queue [0] +SAMPLEHOST0024.sample.com cpu133:65933) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:a7:45:68 
+SAMPLEHOST0024.sample.com IpmiIfcSensorGetThresholds: getHysteresis(88, 21, true) returned cc = 203 +SAMPLEHOST0024.sample.com IpmiIfcSensorGetThresholds: getHysteresis(88, 21, true) returned cc = 203 +SAMPLEHOST0024.sample.com info vpxa[D089B70] [Originator@6876 sub=vpxLro opID=HB-host-89929@3678594-5d55f348-40] [VpxLRO] -- BEGIN session[52908bc7-673e-dc2f-8726-70d13fe8ef72]521881cd-707e-cf9b-01c4-f0fd16d7444d -- vpxa -- vpxapi.VpxaService.retrieveChanges -- 52908bc7-673e-dc2f-8726-70d13fe8ef72 +SAMPLEHOST0024.sample.com info vpxa[C860B70] [Originator@6876 sub=vpxLro opID=HB-host-89929@3678594-5d55f348-40-SWI-2adf377d] [VpxLroList::ForgetTask] Unregistering vim.Task:session[52908bc7-673e-dc2f-8726-70d13fe8ef72]5294c880-f544-733a-01fe-08e916a76a56 +SAMPLEHOST0024.sample.com info vpxa[D089B70] [Originator@6876 sub=vpxLro opID=HB-host-89929@3678594-5d55f348-40] [VpxLRO] -- FINISH session[52908bc7-673e-dc2f-8726-70d13fe8ef72]521881cd-707e-cf9b-01c4-f0fd16d7444d +SAMPLEHOST0024.sample.com info vpxa[7825B70] [Originator@6876 sub=vpxLro opID=HB-host-89929@3678594-5d55f348-89] [VpxLRO] -- BEGIN lro-2082961 -- session[52908bc7-673e-dc2f-8726-70d13fe8ef72]52484a86-fdbc-8a16-f0b4-d486e4121775 -- vmodl.query.PropertyCollector.Filter.destroy -- 52908bc7-673e-dc2f-8726-70d13fe8ef72 +SAMPLEHOST0024.sample.com info vpxa[7825B70] [Originator@6876 sub=vpxLro opID=HB-host-89929@3678594-5d55f348-89] [VpxLRO] -- FINISH lro-2082961 +SAMPLEHOST0024.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0024.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0024.sample.com cpu167:65933) nmlx5_core: vmnic1: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only removed from FT[NON-TUNNEL: idx 20] queue [0] +SAMPLEHOST0024.sample.com cpu167:65933) nmlx5_core: vmnic1: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:b3:69:21 +SAMPLEHOST0024.sample.com 
cpu167:65933) nmlx5_core: vmnic1: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only applied on FT[NON-TUNNEL: idx 20] queue [2] +SAMPLEHOST0024.sample.com cpu167:65933) nmlx5_core: vmnic1: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:b3:69:21 +SAMPLEHOST0024.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0024.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0024.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0024.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0024.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0024.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0024.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0024.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0024.sample.com info vpxa[7867B70] [Originator@6876 sub=vpxLro opID=HB-host-89929@3678597-21215b69-c5] [VpxLRO] -- BEGIN session[52908bc7-673e-dc2f-8726-70d13fe8ef72]52dcd2ee-9c15-0b56-1253-3e6814564278 -- vpxa -- vpxapi.VpxaService.retrieveChanges -- 52908bc7-673e-dc2f-8726-70d13fe8ef72 +SAMPLEHOST0024.sample.com info vpxa[7F3EB70] [Originator@6876 sub=vpxLro opID=HB-host-89929@3678597-21215b69-c5-SWI-25737434] [VpxLroList::ForgetTask] Unregistering vim.Task:session[52908bc7-673e-dc2f-8726-70d13fe8ef72]520c1c1c-c2d4-cc0c-1067-45a2db867f6f +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '19' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '21' already registered +SAMPLEHOST0024.sample.com warning 
hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '27' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '28' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '31' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '32' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '34' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '37' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '38' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '4' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '41' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '42' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '44' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '47' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '52' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 
sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '54' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '55' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '56' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '57' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '61' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '62' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '63' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '64' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '66' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '68' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '73' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '74' already registered +SAMPLEHOST0024.sample.com warning hostd[15981B70] [Originator@6876 sub=VigorStatsProvider(342159352)] AddVirtualMachine: VM '9' already registered +SAMPLEHOST0024.sample.com [netlogon] Looking for a DC in domain 'SMPL.samplecompanyGROUP.NET', site '' with flags 100 
+SAMPLEHOST0024.sample.com [netlogon] Looking for a DC in domain 'SMPL.samplecompanygroup.net', site '' with flags 100 +SAMPLEHOST0024.sample.com [netlogon] Looking for a DC in domain 'SMPL.samplecompanygroup.net', site '' with flags 140 +SAMPLEHOST0024.sample.com [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 100 +SAMPLEHOST0024.sample.com [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 140 +SAMPLEHOST0024.sample.com [netlogon] Looking for a DC in domain 'AUTOMIS', site '' with flags 100 +SAMPLEHOST0024.sample.com [netlogon] Looking for a DC in domain '', site '' with flags 140 +SAMPLEHOST0024.sample.com [netlogon] Looking for a DC in domain 'uk.consignia.com', site '' with flags 100 +SAMPLEHOST0024.sample.com [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 140 +SAMPLEHOST0024.sample.com [netlogon] Looking for a DC in domain 'ukdev.uk.consignia.com', site '' with flags 100 +SAMPLEHOST0024.sample.com [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 140 +SAMPLEHOST0024.sample.com [netlogon] Looking for a DC in domain 'SMPL.samplecompanyGROUP.NET', site '' with flags 0 +SAMPLEHOST0024.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0024.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0025.sample.com info vpxa[949FB70] [Originator@6876 sub=vpxLro opID=330ebd8-8b] [VpxLRO] -- BEGIN lro-2031826 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 5252d6c7-35cf-e898-7c03-f4c3138e324a +SAMPLEHOST0025.sample.com [netlogon] Determining the current time for domain 'SMPL.samplecompanyGROUP.NET' +SAMPLEHOST0025.sample.com [netlogon] Looking for a DC in domain 'SMPL.samplecompanyGROUP.NET', site '' with flags 10 +SAMPLEHOST0025.sample.com info vpxa[978EB70] [Originator@6876 sub=vpxLro opID=HB-host-89907@4284782-3df6cef7-4c] [VpxLRO] -- BEGIN 
session[5252d6c7-35cf-e898-7c03-f4c3138e324a]52ebf0dd-b837-1ff2-c50b-873327bcdc44 -- vpxa -- vpxapi.VpxaService.retrieveChanges -- 5252d6c7-35cf-e898-7c03-f4c3138e324a +SAMPLEHOST0025.sample.com info vpxa[9586B70] [Originator@6876 sub=vpxLro opID=HB-host-89907@4284782-3df6cef7-4c-SWI-476abd28] [VpxLroList::ForgetTask] Unregistering vim.Task:session[5252d6c7-35cf-e898-7c03-f4c3138e324a]52bf5d7c-136c-b9e6-814c-2d10161e620a +SAMPLEHOST0025.sample.com info hostd[17285B70] [Originator@6876 sub=VsanSimsStubImpl opID=7e1a1ac6 user=vpxuser] Calling vim.host.VsanSystem.GetConfig +SAMPLEHOST0025.sample.com info vpxa[A52AB70] [Originator@6876 sub=vpxLro opID=HB-host-89907@4284786-907f7cb-5e] [VpxLRO] -- BEGIN session[5252d6c7-35cf-e898-7c03-f4c3138e324a]52065a39-9755-2e27-da5a-979ee414fabb -- vpxa -- vpxapi.VpxaService.retrieveChanges -- 5252d6c7-35cf-e898-7c03-f4c3138e324a +SAMPLEHOST0025.sample.com info vpxa[A4C7B70] [Originator@6876 sub=vpxLro opID=HB-host-89907@4284786-907f7cb-5e-SWI-4fa71227] [VpxLroList::ForgetTask] Unregistering vim.Task:session[5252d6c7-35cf-e898-7c03-f4c3138e324a]52ebf0dd-b837-1ff2-c50b-873327bcdc44 +SAMPLEHOST0025.sample.com info vpxa[A52AB70] [Originator@6876 sub=vpxLro opID=HB-host-89907@4284786-907f7cb-5e] [VpxLRO] -- FINISH session[5252d6c7-35cf-e898-7c03-f4c3138e324a]52065a39-9755-2e27-da5a-979ee414fabb +SAMPLEHOST0025.sample.com info vpxa[943CB70] [Originator@6876 sub=vpxLro opID=HB-host-89907@4284786-907f7cb-71] [VpxLRO] -- BEGIN lro-2031825 -- session[5252d6c7-35cf-e898-7c03-f4c3138e324a]52a16664-d6a9-e578-46be-9960481fda3f -- vmodl.query.PropertyCollector.Filter.destroy -- 5252d6c7-35cf-e898-7c03-f4c3138e324a +SAMPLEHOST0025.sample.com info vpxa[943CB70] [Originator@6876 sub=vpxLro opID=HB-host-89907@4284786-907f7cb-71] [VpxLRO] -- FINISH lro-2031825 +SAMPLEHOST0025.sample.com info vpxa[A509B70] [Originator@6876 sub=vpxLro opID=HB-host-89907@4284808-144b0fee-5a] [VpxLRO] -- BEGIN 
session[5252d6c7-35cf-e898-7c03-f4c3138e324a]526ce429-cd62-b12b-9adf-6f0fddec3162 -- vpxa -- vpxapi.VpxaService.retrieveChanges -- 5252d6c7-35cf-e898-7c03-f4c3138e324a +SAMPLEHOST0025.sample.com info vpxa[943CB70] [Originator@6876 sub=vpxLro opID=HB-host-89907@4284808-144b0fee-5a-SWI-2bd6294e] [VpxLroList::ForgetTask] Unregistering vim.Task:session[5252d6c7-35cf-e898-7c03-f4c3138e324a]52c3f387-8649-7af2-0f26-22048ed6713d +SAMPLEHOST0025.sample.com info vpxa[A509B70] [Originator@6876 sub=vpxLro opID=HB-host-89907@4284808-144b0fee-5a] [VpxLRO] -- FINISH session[5252d6c7-35cf-e898-7c03-f4c3138e324a]526ce429-cd62-b12b-9adf-6f0fddec3162 +SAMPLEHOST0026.sample.com Skipping device naa.60000970000297700435533030314242 either due to VSI read error or abnormal state +SAMPLEHOST0026.sample.com Skipping device naa.60000970000297700435533030333435 either due to VSI read error or abnormal state +SAMPLEHOST0027.sample.com IpmiIfcSensorGetThresholds: getHysteresis(3, 25, true) returned cc = 203 +SAMPLEHOST0028.sample.com cpu44:65933) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only removed from FT[NON-TUNNEL: idx 15] queue [3] +SAMPLEHOST0028.sample.com cpu44:65933) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:a7:4a:eb +SAMPLEHOST0028.sample.com cpu44:65933) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only applied on FT[NON-TUNNEL: idx 15] queue [0] +SAMPLEHOST0028.sample.com cpu44:65933) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:a7:4a:eb +SAMPLEHOST0028.sample.com Skipping device naa.60000970000297700435533030314242 either due to VSI read error or abnormal state +SAMPLEHOST0028.sample.com Skipping device naa.60000970000297700435533030333437 either due to VSI read error or abnormal state +SAMPLEHOST0028.sample.com info vpxa[10F90B70] [Originator@6876 sub=vpxLro 
opID=HB-host-89894@478460-3ebdba25-7a] [VpxLRO] -- BEGIN session[527301e5-7f3b-2e0e-82e7-3c56e7cc6b70]5208ea75-9f2d-4144-ab0f-405144cbce6d -- vpxa -- vpxapi.VpxaService.retrieveChanges -- 527301e5-7f3b-2e0e-82e7-3c56e7cc6b70 +SAMPLEHOST0028.sample.com info vpxa[10581B70] [Originator@6876 sub=vpxLro opID=HB-host-89894@478460-3ebdba25-7a-SWI-1a691df1] [VpxLroList::ForgetTask] Unregistering vim.Task:session[527301e5-7f3b-2e0e-82e7-3c56e7cc6b70]5238ef95-179a-3a04-d6b0-c2ba81a055ce +SAMPLEHOST0028.sample.com info vpxa[10F90B70] [Originator@6876 sub=vpxLro opID=HB-host-89894@478460-3ebdba25-7a] [VpxLRO] -- FINISH session[527301e5-7f3b-2e0e-82e7-3c56e7cc6b70]5208ea75-9f2d-4144-ab0f-405144cbce6d +SAMPLEHOST0028.sample.com info vpxa[10DA1B70] [Originator@6876 sub=vpxLro opID=HB-host-89894@478460-3ebdba25-42] [VpxLRO] -- BEGIN lro-849913 -- session[527301e5-7f3b-2e0e-82e7-3c56e7cc6b70]52457931-06f5-ed8f-0956-8aa92e97e990 -- vmodl.query.PropertyCollector.Filter.destroy -- 527301e5-7f3b-2e0e-82e7-3c56e7cc6b70 +SAMPLEHOST0028.sample.com info vpxa[10DA1B70] [Originator@6876 sub=vpxLro opID=HB-host-89894@478460-3ebdba25-42] [VpxLRO] -- FINISH lro-849913 +SAMPLEHOST0028.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0028.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0028.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0028.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0028.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0028.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0028.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0028.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0028.sample.com 
IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0028.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0028.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0028.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0028.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0029.sample.com IpmiIfcSensorGetThresholds: getHysteresis(147, 21, true) returned cc = 203 +SAMPLEHOST0029.sample.com IpmiIfcSensorGetThresholds: getHysteresis(147, 21, true) returned cc = 203 +SAMPLEHOST0029.sample.com IpmiIfcSensorGetThresholds: getHysteresis(147, 21, true) returned cc = 203 +SAMPLEHOST0029.sample.com IpmiIfcSensorGetThresholds: getHysteresis(147, 21, true) returned cc = 203 +SAMPLEHOST0029.sample.com IpmiIfcSensorGetThresholds: getHysteresis(147, 21, true) returned cc = 203 +SAMPLEHOST0030.sample.com Skipping device naa.60000970000297700435533030314242 either due to VSI read error or abnormal state +SAMPLEHOST0030.sample.com Skipping device naa.60000970000297700435533030314242 either due to VSI read error or abnormal state +SAMPLEHOST0030.sample.com IpmiIfcSensorGetThresholds: getHysteresis(188, 255, true) returned cc = 203 +SAMPLEHOST0030.sample.com IpmiIfcSensorGetThresholds: getHysteresis(188, 255, true) returned cc = 203 +SAMPLEHOST0030.sample.com IpmiIfcSensorGetThresholds: getHysteresis(188, 255, true) returned cc = 203 +SAMPLEHOST0030.sample.com IpmiIfcSensorGetThresholds: getHysteresis(188, 255, true) returned cc = 203 +SAMPLEHOST0010.sample.com Skipping device naa.60000970000297700435533030314242 either due to VSI read error or abnormal state +SAMPLEHOST0032.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0032.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0032.sample.com 
Skipping device naa.60000970000297700435533030314242 either due to VSI read error or abnormal state +SAMPLEHOST0033.sample.com IpmiIfcSensorGetThresholds: getHysteresis(172, 26, true) returned cc = 203 +SAMPLEHOST0033.sample.com IpmiIfcSensorGetThresholds: getHysteresis(172, 26, true) returned cc = 203 +SAMPLEHOST0033.sample.com IpmiIfcSensorGetThresholds: getHysteresis(172, 26, true) returned cc = 203 +SAMPLEHOST0033.sample.com IpmiIfcSensorGetThresholds: getHysteresis(172, 26, true) returned cc = 203 +SAMPLEHOST0033.sample.com IpmiIfcSensorGetThresholds: getHysteresis(172, 26, true) returned cc = 203 +SAMPLEHOST0033.sample.com IpmiIfcSensorGetThresholds: getHysteresis(172, 26, true) returned cc = 203 +SAMPLEHOST0033.sample.com IpmiIfcSensorGetThresholds: getHysteresis(172, 26, true) returned cc = 203 +SAMPLEHOST0034.sample.com Skipping device naa.60000970000297700435533030314242 either due to VSI read error or abnormal state +SAMPLEHOST0034.sample.com warning hostd[16A01B70] [Originator@6876 sub=Statssvc.vim.PerformanceManager] Calculated read I/O size 1047835 for scsi0:2 is out of range -- 1047835,prevBytes = 835565523968 curBytes = 838487938048 prevCommands = 1185932curCommands = 1188721 +SAMPLEHOST0034.sample.com warning hostd[16A01B70] [Originator@6876 sub=Statssvc.vim.PerformanceManager] Calculated read I/O size 1048576 for scsi0:2 is out of range -- 1048576,prevBytes = 10994129446912 curBytes = 10998025955328 prevCommands = 20176056curCommands = 20179772 +SAMPLEHOST0034.sample.com Skipping device naa.60000970000297700435533030314242 either due to VSI read error or abnormal state +SAMPLEHOST0035.sample.com info vpxa[879FB70] [Originator@6876 sub=vpxLro opID=8c802d1-c7] [VpxLRO] -- BEGIN lro-785839 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 5252c8d9-50d5-9cee-9c95-d8bb616e7199 +SAMPLEHOST0035.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0035.sample.com [netlogon] Looking for a DC in domain 
'SMPL.samplecompanyGROUP.NET', site '' with flags 100 +SAMPLEHOST0035.sample.com [netlogon] Looking for a DC in domain 'SMPL.samplecompanygroup.net', site '' with flags 100 +SAMPLEHOST0035.sample.com [netlogon] Looking for a DC in domain 'SMPL.samplecompanygroup.net', site '' with flags 140 +SAMPLEHOST0035.sample.com [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 100 +SAMPLEHOST0035.sample.com [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 140 +SAMPLEHOST0035.sample.com [netlogon] Looking for a DC in domain 'AUTOMIS', site '' with flags 100 +SAMPLEHOST0035.sample.com [netlogon] Looking for a DC in domain '', site '' with flags 140 +SAMPLEHOST0035.sample.com [netlogon] Looking for a DC in domain 'uk.consignia.com', site '' with flags 100 +SAMPLEHOST0035.sample.com [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 140 +SAMPLEHOST0035.sample.com [netlogon] Looking for a DC in domain 'ukdev.uk.consignia.com', site '' with flags 100 +SAMPLEHOST0035.sample.com [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 140 +SAMPLEHOST0035.sample.com [netlogon] Looking for a DC in domain 'SMPL.samplecompanyGROUP.NET', site '' with flags 0 +SAMPLEHOST0035.sample.com info hostd[159C2B70] [Originator@6876 sub=VsanSimsStubImpl opID=ee42937d user=vpxuser] Calling vim.host.VsanSystem.GetConfig +SAMPLEHOST0035.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0035.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0035.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0035.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0035.sample.com Skipping device naa.60000970000297700435533030314242 either due to VSI read error or abnormal state +SAMPLEHOST0035.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) 
returned cc = 203 +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '105' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '110' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '111' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '112' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '121' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '13' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '143' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '145' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '157' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '158' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '159' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '167' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '168' already registered +SAMPLEHOST0035.sample.com 
warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '178' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '181' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '200' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '202' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '205' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '208' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '239' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '244' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '247' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '256' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '259' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '26' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '261' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 
sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '263' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '264' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '265' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '266' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '268' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '270' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '272' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '306' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '308' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '309' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '315' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '34' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '358' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] 
AddVirtualMachine: VM '365' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '37' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '374' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '391' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '4' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '426' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '428' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '50' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '56' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '63' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '79' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '81' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '84' already registered +SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '87' already registered 
+SAMPLEHOST0035.sample.com warning hostd[13FF4B70] [Originator@6876 sub=VigorStatsProvider(351290536)] AddVirtualMachine: VM '90' already registered +SAMPLEHOST0035.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0035.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0035.sample.com IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0036.sample.com info vpxa[6058B70] [Originator@6876 sub=vpxLro opID=cbb38b-f2] [VpxLRO] -- BEGIN lro-1212082 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 528aafbe-33c7-c62d-b0fa-e3a24ed1ed9e +SAMPLEHOST0036.sample.com info vpxa[6058B70] [Originator@6876 sub=vpxLro opID=HB-host-89901@584940-5eae078b-64] [VpxLRO] -- BEGIN session[528aafbe-33c7-c62d-b0fa-e3a24ed1ed9e]5295917c-9b1f-1041-8edc-659f61856229 -- vpxa -- vpxapi.VpxaService.retrieveChanges -- 528aafbe-33c7-c62d-b0fa-e3a24ed1ed9e +SAMPLEHOST0036.sample.com info vpxa[5999B70] [Originator@6876 sub=vpxLro opID=HB-host-89901@584940-5eae078b-64-SWI-11c9c943] [VpxLroList::ForgetTask] Unregistering vim.Task:session[528aafbe-33c7-c62d-b0fa-e3a24ed1ed9e]52510e45-ec0b-875a-a914-6ca103306775 +SAMPLEHOST0036.sample.com info vpxa[6058B70] [Originator@6876 sub=vpxLro opID=HB-host-89901@584940-5eae078b-64] [VpxLRO] -- FINISH session[528aafbe-33c7-c62d-b0fa-e3a24ed1ed9e]5295917c-9b1f-1041-8edc-659f61856229 +SAMPLEHOST0036.sample.com info vpxa[60FDB70] [Originator@6876 sub=vpxLro opID=HB-host-89901@584940-5eae078b-18] [VpxLRO] -- BEGIN lro-1212086 -- session[528aafbe-33c7-c62d-b0fa-e3a24ed1ed9e]52003717-71fa-1d32-ce99-c8cba3111cb2 -- vmodl.query.PropertyCollector.Filter.destroy -- 528aafbe-33c7-c62d-b0fa-e3a24ed1ed9e +SAMPLEHOST0036.sample.com info vpxa[60FDB70] [Originator@6876 sub=vpxLro opID=HB-host-89901@584940-5eae078b-18] [VpxLRO] -- FINISH lro-1212086 +SAMPLEHOST0036.sample.com IpmiIfcSensorGetThresholds: getHysteresis(44, 21, true) returned cc = 203 
+SAMPLEHOST0036.sample.com IpmiIfcSensorGetThresholds: getHysteresis(44, 21, true) returned cc = 203 +SAMPLEHOST0036.sample.com IpmiIfcSensorGetThresholds: getHysteresis(44, 21, true) returned cc = 203 +SAMPLEHOST0036.sample.com IpmiIfcSensorGetThresholds: getHysteresis(44, 21, true) returned cc = 203 +SAMPLEHOST0036.sample.com IpmiIfcSensorGetThresholds: getHysteresis(44, 21, true) returned cc = 203 +SAMPLEHOST0036.sample.com Skipping device naa.60000970000297700435533030314242 either due to VSI read error or abnormal state +SAMPLEHOST0036.sample.com IpmiIfcSensorGetThresholds: getHysteresis(44, 21, true) returned cc = 203 +SAMPLEHOST0036.sample.com IpmiIfcSensorGetThresholds: getHysteresis(44, 21, true) returned cc = 203 +SAMPLEHOST0036.sample.com IpmiIfcSensorGetThresholds: getHysteresis(44, 21, true) returned cc = 203 +SAMPLEHOST0036.sample.com IpmiIfcSensorGetThresholds: getHysteresis(44, 21, true) returned cc = 203 +SAMPLEHOST0036.sample.com IpmiIfcSensorGetThresholds: getHysteresis(44, 21, true) returned cc = 203 +SAMPLEHOST0036.sample.com IpmiIfcSensorGetThresholds: getHysteresis(44, 21, true) returned cc = 203 +SAMPLEHOST0036.sample.com Skipping device naa.60000970000297700435533030314242 either due to VSI read error or abnormal state +SAMPLEHOST0036.sample.com info hostd[15640B70] [Originator@6876 sub=VsanSimsStubImpl opID=f4d2c4ed user=vpxuser] Calling vim.host.VsanSystem.GetConfig +SAMPLEHOST0036.sample.com warning vpxa[59DBB70] [Originator@6876 sub=VpxProfiler] InvokeWithOpId [TotalTime] took 3136 ms +SAMPLEHOST0037.sample.com info hostd[18D40B70] [Originator@6876 sub=Hostsvc.DvsTracker opID=3c238c38 user=vpxuser] FetchUplinkDVPortgroups: Appended uplinkPg for dvs 50 33 0a a7 d5 34 2d a0-99 52 6e c5 8f c7 1e 41 portgroup dvportgroup-89934 +SAMPLEHOST0037.sample.com info hostd[18D40B70] [Originator@6876 sub=Hostsvc.DvsTracker opID=3c238c38 user=vpxuser] FetchUplinkDVPortgroups: Appended uplinkPg for dvs 50 33 c3 27 21 a5 ce 21-08 37 8f 0b 9e c7 94 ba 
portgroup dvportgroup-89936 +SAMPLEHOST0037.sample.com info hostd[18D40B70] [Originator@6876 sub=Hostsvc.DvsTracker opID=3c238c38 user=vpxuser] FetchUplinkDVPortgroups: added 57 items +SAMPLEHOST0037.sample.com info vpxa[9422B70] [Originator@6876 sub=vpxLro opID=HB-host-89902@455562-5bf8183c-4f] [VpxLRO] -- BEGIN session[52d16561-8b85-ceed-b46d-be4ae8ca7158]52365859-fa35-c3de-dd2d-8e3f141ab7b4 -- vpxa -- vpxapi.VpxaService.retrieveChanges -- 52d16561-8b85-ceed-b46d-be4ae8ca7158 +SAMPLEHOST0037.sample.com info vpxa[94A6B70] [Originator@6876 sub=vpxLro opID=HB-host-89902@455562-5bf8183c-4f-SWI-6a5e4ee0] [VpxLroList::ForgetTask] Unregistering vim.Task:session[52d16561-8b85-ceed-b46d-be4ae8ca7158]528f6711-81a5-4a84-8d82-4bdfeb6e7768 +SAMPLEHOST0038.sample.com info vpxa[6E98B70] [Originator@6876 sub=vpxLro opID=1d7a6648-9d] [VpxLRO] -- BEGIN lro-698730 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 520c0970-4bac-6106-c33c-230a31a2ddb2 +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '143' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '162' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '214' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '216' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '228' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '246' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '267' 
already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '268' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '279' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '305' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '320' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '345' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '35' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '38' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '43' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '45' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '55' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '57' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '58' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '61' already registered +SAMPLEHOST0038.sample.com warning 
hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '66' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '67' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '68' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '7' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '72' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '74' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '77' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '78' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '79' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '86' already registered +SAMPLEHOST0038.sample.com warning hostd[191C2B70] [Originator@6876 sub=VigorStatsProvider(409264032)] AddVirtualMachine: VM '95' already registered +SAMPLEHOST0038.sample.com Skipping device naa.60000970000297700435533030314242 either due to VSI read error or abnormal state +SAMPLEHOST0038.sample.com Skipping device naa.60000970000297700435533030314242 either due to VSI read error or abnormal state +SAMPLEHOST0038.sample.com cpu53:65933) nmlx5_core: vmnic1: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only removed 
from FT[NON-TUNNEL: idx 13] queue [2] +SAMPLEHOST0038.sample.com cpu53:65933) nmlx5_core: vmnic1: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:a7:18:3f +SAMPLEHOST0038.sample.com cpu53:65933) nmlx5_core: vmnic1: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only applied on FT[NON-TUNNEL: idx 13] queue [0] +SAMPLEHOST0038.sample.com cpu53:65933) nmlx5_core: vmnic1: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:a7:18:3f +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '100' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '101' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '102' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '106' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '109' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '111' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '112' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '114' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '118' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM 
'120' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '126' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '128' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '139' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '148' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '159' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '16' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '160' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '161' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '177' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '182' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '186' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '190' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '191' already registered 
+SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '192' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '213' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '22' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '234' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '245' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '246' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '247' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '273' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '275' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '276' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '279' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '282' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '348' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] 
[Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '375' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '376' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '46' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '70' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '74' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '91' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '94' already registered +SAMPLEHOST0039.sample.com warning hostd[16580B70] [Originator@6876 sub=VigorStatsProvider(342174104)] AddVirtualMachine: VM '97' already registered +SAMPLEHOST0039.sample.com info vpxa[C535B70] [Originator@6876 sub=vpxLro opID=1d7a6648-85] [VpxLRO] -- BEGIN lro-722675 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 527cebd4-63ed-8972-3593-3b9ea527e12a +SAMPLEHOST0039.sample.com Skipping device naa.60000970000297700435533030314242 either due to VSI read error or abnormal state +SAMPLEHOST0040.sample.com info vpxa[2B642B70] [Originator@6876 sub=vpxLro opID=330ebd8-f6] [VpxLRO] -- BEGIN lro-953850 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 52215810-38af-0428-8b56-23043301ccbd +SAMPLEHOST0040.sample.com IPMI SEL sync took 0 seconds 0 sel records, last 27 +SAMPLEHOST0040.sample.com info hostd[10340B70] [Originator@6876 sub=Libs opID=4d273333] NetstackInstanceImpl: congestion control algorithm: newreno +SAMPLEHOST0040.sample.com info hostd[10340B70] 
[Originator@6876 sub=VsanSimsStubImpl opID=4d273333] Calling vim.host.VsanSystemEx.GetVsanRuntimeInfo +SAMPLEHOST0041 IPMI SEL sync took 0 seconds 0 sel records, last 11 +SAMPLEHOST0041 info hostd[10281B70] [Originator@6876 sub=Libs opID=782de41c] NetstackInstanceImpl: congestion control algorithm: newreno +SAMPLEHOST0041 info hostd[10281B70] [Originator@6876 sub=VsanSimsStubImpl opID=782de41c] Calling vim.host.VsanSystemEx.GetVsanRuntimeInfo +SAMPLEHOST0042 [netlogon] Looking for a DC in domain 'SMPL.samplecompanyGROUP.NET', site '' with flags 100 +SAMPLEHOST0042 [netlogon] Looking for a DC in domain 'SMPL.samplecompanygroup.net', site '' with flags 100 +SAMPLEHOST0042 [netlogon] Looking for a DC in domain 'SMPL.samplecompanygroup.net', site '' with flags 140 +SAMPLEHOST0042 [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 100 +SAMPLEHOST0042 [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 140 +SAMPLEHOST0042 [netlogon] Looking for a DC in domain 'AUTOMIS', site '' with flags 100 +SAMPLEHOST0042 [netlogon] Looking for a DC in domain '', site '' with flags 140 +SAMPLEHOST0042 [netlogon] Looking for a DC in domain 'uk.consignia.com', site '' with flags 100 +SAMPLEHOST0042 [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 140 +SAMPLEHOST0042 [netlogon] Looking for a DC in domain 'ukdev.uk.consignia.com', site '' with flags 100 +SAMPLEHOST0042 [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 140 +SAMPLEHOST0042 [netlogon] Looking for a DC in domain 'SMPL.samplecompanyGROUP.NET', site '' with flags 0 +SAMPLEHOST0043 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0043 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0043 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0043 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0043 
IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0043 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0044 IpmiIfcSensorGetThresholds: getHysteresis(122, 10, true) returned cc = 203 +SAMPLEHOST0044 IpmiIfcSensorGetThresholds: getHysteresis(122, 10, true) returned cc = 203 +SAMPLEHOST0044 IpmiIfcSensorGetThresholds: getHysteresis(122, 10, true) returned cc = 203 +SAMPLEHOST0044 IpmiIfcSensorGetThresholds: getHysteresis(122, 10, true) returned cc = 203 +SAMPLEHOST0044 IpmiIfcSensorGetThresholds: getHysteresis(122, 10, true) returned cc = 203 +SAMPLEHOST0044 IpmiIfcSensorGetThresholds: getHysteresis(122, 10, true) returned cc = 203 +SAMPLEHOST0044 IpmiIfcSensorGetThresholds: getHysteresis(122, 10, true) returned cc = 203 +SAMPLEHOST0044 IpmiIfcSensorGetThresholds: getHysteresis(122, 10, true) returned cc = 203 +SAMPLEHOST0044 IpmiIfcSensorGetThresholds: getHysteresis(122, 10, true) returned cc = 203 +SAMPLEHOST0044 IpmiIfcSensorGetThresholds: getHysteresis(122, 10, true) returned cc = 203 +SAMPLEHOST0044 IpmiIfcSensorGetThresholds: getHysteresis(122, 10, true) returned cc = 203 +SAMPLEHOST0044 IpmiIfcSensorGetThresholds: getHysteresis(122, 10, true) returned cc = 203 +SAMPLEHOST0046 cpu8:65933) nmlx5_core: vmnic1: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only removed from FT[NON-TUNNEL: idx 18] queue [0] +SAMPLEHOST0046 cpu8:65933) nmlx5_core: vmnic1: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:b9:54:f8 +SAMPLEHOST0046 cpu8:65933) nmlx5_core: vmnic1: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only removed from FT[NON-TUNNEL: idx 22] queue [1] +SAMPLEHOST0046 cpu8:65933) nmlx5_core: vmnic1: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:b9:32:0b +SAMPLEHOST0046 cpu8:65933) nmlx5_core: vmnic1: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only 
applied on FT[NON-TUNNEL: idx 18] queue [0] +SAMPLEHOST0046 cpu8:65933) nmlx5_core: vmnic1: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:b9:32:0b +SAMPLEHOST0046 cpu8:65933) nmlx5_core: vmnic1: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only applied on FT[NON-TUNNEL: idx 22] queue [4] +SAMPLEHOST0046 cpu8:65933) nmlx5_core: vmnic1: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:b9:54:f8 +SAMPLEHOST0046 warning hostd[D281B70] [Originator@6876 sub=Statssvc.vim.PerformanceManager] Calculated write I/O size 768504 for scsi0:1 is out of range -- 768504,prevBytes = 290175704064 curBytes = 290277915136 prevCommands = 471693curCommands = 471826 +SAMPLEHOST0047 IpmiIfcSensorGetThresholds: Sensor Number = 0xa7, failed send cc = 0xc3 +SAMPLEHOST0047 IpmiIfcSensorGetThresholds: Sensor Number = 0x3f, failed send cc = 0xc3 +SAMPLEHOST0047 IpmiIfcSensorGetReading: Sensor Number 0x89, failed send cc = 0xc3 +SAMPLEHOST0047 IpmiIfcSensorGetReading: Sensor Number 0x0, failed send cc = 0xc3 +SAMPLEHOST0047 IpmiIfcSensorGetReading: Sensor Number 0x7, failed send cc = 0xc3 +SAMPLEHOST0048 IpmiIfcSensorGetThresholds: Sensor Number = 0x75, failed send cc = 0xc3 +SAMPLEHOST0048 IpmiIfcSensorGetReading: Sensor Number 0x7d, failed send cc = 0xc3 +SAMPLEHOST0049 IpmiIfcSensorGetThresholds: Sensor Number = 0x73, failed send cc = 0xc3 +SAMPLEHOST0051 info vpxa[A67FB70] [Originator@6876 sub=vpxLro opID=3d786b15-db] [VpxLRO] -- BEGIN lro-176054 -- vpxa -- vpxapi.VpxaService.queryBatchPerformanceStatistics -- 527f5139-c681-b931-dbc9-3c61c89d98c6 +SAMPLEHOST0051 info vpxa[A67FB70] [Originator@6876 sub=vpxLro opID=3d786b15-db] [VpxLRO] -- FINISH lro-176054 +SAMPLEHOST0051 info vpxa[A4D2B70] [Originator@6876 sub=VpxaHalResourcePool opID=SWI-1f3701f0] GetOverrideFailureCount() = 0 MAX_CONSECUTIVE_OVERRIDE_FAILURES = 3 +SAMPLEHOST0051 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc 
= 203 +SAMPLEHOST0051 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0051 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0051 IpmiIfcSensorGetThresholds: getHysteresis(0, 0, true) returned cc = 203 +SAMPLEHOST0051 IPMI SEL sync took 0 seconds 0 sel records, last 48891 +SAMPLEHOST0051 info hostd[17985B70] [Originator@6876 sub=Libs opID=46406ff9] NetstackInstanceImpl: congestion control algorithm: newreno +SAMPLEHOST0051 info hostd[17985B70] [Originator@6876 sub=VsanSimsStubImpl opID=46406ff9] Calling vim.host.VsanSystemEx.GetVsanRuntimeInfo +SAMPLEHOST0051 cpu18:65757) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only removed from FT[NON-TUNNEL: idx 7] queue [0] +SAMPLEHOST0051 cpu18:65757) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:95:45:96 +SAMPLEHOST0051 cpu18:65757) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1583) filter MAC Only applied on FT[NON-TUNNEL: idx 7] queue [1] +SAMPLEHOST0051 cpu18:65757) nmlx5_core: vmnic11: nmlx5_en_PrintFilterOpInfo - (nmlx5_core_en_multiq.c:1600) filter info: MAC 00:50:56:95:45:96 +SAMPLEHOST0052 IpmiIfcSensorGetThresholds: getHysteresis(156, 22, true) returned cc = 203 +SAMPLEHOST0052 IpmiIfcSensorGetThresholds: getHysteresis(156, 22, true) returned cc = 203 +SAMPLEHOST0052 IpmiIfcSensorGetThresholds: getHysteresis(156, 22, true) returned cc = 203 +SAMPLEHOST0052 IpmiIfcSensorGetThresholds: getHysteresis(156, 22, true) returned cc = 203 +SAMPLEHOST0052 IpmiIfcSensorGetThresholds: getHysteresis(156, 22, true) returned cc = 203 +SAMPLEHOST0052 IpmiIfcSensorGetThresholds: getHysteresis(156, 22, true) returned cc = 203 +SAMPLEHOST0052 IpmiIfcSensorGetThresholds: getHysteresis(156, 22, true) returned cc = 203 +SAMPLEHOST0052 cpu25:1040586)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device 
"Unregistered Device". +SAMPLEHOST0052 cpu25:1040586)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba3:C0:T1:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu25:1040586)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu25:1040586)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba3:C0:T2:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu25:1040586)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu25:1040586)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba2:C0:T3:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu25:1040586)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu25:1040586)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba2:C0:T0:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu25:1040586)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu25:1040586)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba5:C0:T0:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu25:1040586)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu25:1040586)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba4:C0:T2:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu25:1040586)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". 
+SAMPLEHOST0052 cpu25:1040586)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba5:C0:T1:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu25:1040586)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu25:1040586)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba4:C0:T0:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu48:1040342)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu48:1040342)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba3:C0:T1:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu48:1040342)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu48:1040342)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba3:C0:T2:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu48:1040342)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu48:1040342)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba2:C0:T3:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu48:1040342)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu48:1040342)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba2:C0:T0:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu48:1040342)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu48:1040342)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba5:C0:T0:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu48:1040342)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". 
+SAMPLEHOST0052 cpu48:1040342)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba4:C0:T2:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu48:1040342)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu48:1040342)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba5:C0:T1:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu48:1040342)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu48:1040342)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba4:C0:T0:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu22:1041048)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu22:1041048)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba3:C0:T1:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu22:1041048)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu22:1041048)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba3:C0:T2:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu22:1041048)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu22:1041048)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba2:C0:T3:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu22:1041048)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu22:1041048)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba2:C0:T0:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu22:1041048)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". 
+SAMPLEHOST0052 cpu22:1041048)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba5:C0:T0:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu22:1041048)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu22:1041048)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba4:C0:T2:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu22:1041048)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu22:1041048)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba5:C0:T1:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu22:1041048)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu22:1041048)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba4:C0:T0:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu23:1038849)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu23:1038849)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba3:C0:T1:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu23:1038849)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu23:1038849)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba3:C0:T2:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu23:1038849)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu23:1038849)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba2:C0:T3:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu23:1038849)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". 
+SAMPLEHOST0052 cpu23:1038849)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba2:C0:T0:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu23:1038849)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu23:1038849)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba5:C0:T0:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu23:1038849)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu23:1038849)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba4:C0:T2:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu23:1038849)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu23:1038849)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba5:C0:T1:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu23:1038849)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu23:1038849)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba4:C0:T0:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu21:1040225)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu21:1040225)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba3:C0:T1:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu21:1040225)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu21:1040225)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba3:C0:T2:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu21:1040225)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". 
+SAMPLEHOST0052 cpu21:1040225)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba2:C0:T3:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu21:1040225)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu21:1040225)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba2:C0:T0:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu21:1040225)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu21:1040225)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba5:C0:T0:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu21:1040225)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu21:1040225)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba4:C0:T2:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu21:1040225)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu21:1040225)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba5:C0:T1:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu21:1040225)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu21:1040225)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba4:C0:T0:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu49:1039937)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu49:1039937)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba3:C0:T1:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu49:1039937)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". 
+SAMPLEHOST0052 cpu49:1039937)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba3:C0:T2:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu49:1039937)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu49:1039937)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba2:C0:T3:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu49:1039937)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu49:1039937)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba2:C0:T0:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu49:1039937)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu49:1039937)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba5:C0:T0:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu49:1039937)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu49:1039937)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba4:C0:T2:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu49:1039937)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". +SAMPLEHOST0052 cpu49:1039937)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba5:C0:T1:L0 is not registered (no active paths) +SAMPLEHOST0052 cpu49:1039937)WARNING: vmw_psp_rr: psp_rrSelectPathToActivate:1101: Could not select path for device "Unregistered Device". 
+SAMPLEHOST0052 cpu49:1039937)WARNING: NMP: nmpPathClaimEnd:1217: Device, seen through path vmhba4:C0:T0:L0 is not registered (no active paths) +SAMPLEHOST0052 warning hostd[16540B70] [Originator@6876 sub=VigorStatsProvider(370520368)] AddVirtualMachine: VM '8' already registered +SAMPLEHOST0052 warning hostd[16540B70] [Originator@6876 sub=VigorStatsProvider(370520368)] AddVirtualMachine: VM '9' already registered +SAMPLEHOST0052 IpmiIfcSensorGetThresholds: getHysteresis(156, 22, true) returned cc = 203 +SAMPLEHOST0052 IpmiIfcSensorGetThresholds: getHysteresis(156, 22, true) returned cc = 203 +SAMPLEHOST0052 IpmiIfcSensorGetThresholds: getHysteresis(156, 22, true) returned cc = 203 +SAMPLEHOST0052 [netlogon] Looking for a DC in domain 'SMPL.samplecompanyGROUP.NET', site '' with flags 100 +SAMPLEHOST0052 [netlogon] Looking for a DC in domain 'SMPL.samplecompanygroup.net', site '' with flags 100 +SAMPLEHOST0052 [netlogon] Looking for a DC in domain 'SMPL.samplecompanygroup.net', site '' with flags 140 +SAMPLEHOST0052 [netlogon] Looking for a DC in domain 'AUTOMIS', site '' with flags 100 +SAMPLEHOST0052 [netlogon] Looking for a DC in domain '', site '' with flags 140 +SAMPLEHOST0052 [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 100 +SAMPLEHOST0052 [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 140 +SAMPLEHOST0052 [netlogon] Looking for a DC in domain 'uk.consignia.com', site '' with flags 100 +SAMPLEHOST0052 [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 140 +SAMPLEHOST0052 [netlogon] Looking for a DC in domain 'ukdev.uk.consignia.com', site '' with flags 100 +SAMPLEHOST0052 [netlogon] Looking for a DC in domain 'consignia.com', site '' with flags 140 +SAMPLEHOST0052 [netlogon] Looking for a DC in domain 'SMPL.samplecompanyGROUP.NET', site '' with flags 0 +SAMPLEHOST0053 IpmiIfcSelGetInfo: IPMI_CMD_GET_SEL_INFO cc=0xff +SAMPLEHOST0053 IpmiIfcSelGetInfo: IPMI_CMD_GET_SEL_INFO cc=0xff 
+SAMPLEHOST0053 warning hostd[15540B70] [Originator@6876 sub=VigorStatsProvider(356534680)] AddVirtualMachine: VM '12' already registered +SAMPLEHOST0053 warning hostd[15540B70] [Originator@6876 sub=VigorStatsProvider(356534680)] AddVirtualMachine: VM '14' already registered +SAMPLEHOST0053 warning hostd[15540B70] [Originator@6876 sub=VigorStatsProvider(356534680)] AddVirtualMachine: VM '15' already registered +SAMPLEHOST0054.sample.com IpmiIfcSensorGetThresholds: getHysteresis(232, 21, true) returned cc = 203 +SAMPLEHOST0054.sample.com IpmiIfcSensorGetThresholds: getHysteresis(232, 21, true) returned cc = 203 +SAMPLEHOST0054.sample.com IpmiIfcSensorGetThresholds: getHysteresis(232, 21, true) returned cc = 203 +SAMPLEHOST0054.sample.com IpmiIfcSensorGetThresholds: getHysteresis(232, 21, true) returned cc = 203 +SAMPLEHOST0054.sample.com IpmiIfcSensorGetThresholds: getHysteresis(232, 21, true) returned cc = 203 +SAMPLEHOST0054.sample.com IpmiIfcSensorGetThresholds: getHysteresis(232, 21, true) returned cc = 203 +SAMPLEHOST0054.sample.com IpmiIfcSensorGetThresholds: getHysteresis(232, 21, true) returned cc = 203 +SAMPLEHOST0054.sample.com IpmiIfcSensorGetThresholds: getHysteresis(232, 21, true) returned cc = 203 +SAMPLEHOST0054.sample.com IpmiIfcSensorGetThresholds: getHysteresis(232, 21, true) returned cc = 203 +SAMPLEHOST0054.sample.com IpmiIfcSensorGetThresholds: getHysteresis(232, 21, true) returned cc = 203 +SAMPLEHOST0055 IpmiIfcSensorGetThresholds: getHysteresis(35, 21, true) returned cc = 203 +SAMPLEHOST0055 IpmiIfcSensorGetThresholds: getHysteresis(35, 21, true) returned cc = 203 +SAMPLEHOST0055 IpmiIfcSensorGetThresholds: getHysteresis(35, 21, true) returned cc = 203 +SAMPLEHOST0055 IpmiIfcSensorGetThresholds: getHysteresis(35, 21, true) returned cc = 203 +SAMPLEHOST0055 IpmiIfcSensorGetThresholds: getHysteresis(35, 21, true) returned cc = 203 +SAMPLEHOST0055 IpmiIfcSensorGetThresholds: getHysteresis(35, 21, true) returned cc = 203 +SAMPLEHOST0055 
IpmiIfcSensorGetThresholds: getHysteresis(35, 21, true) returned cc = 203 +SAMPLEHOST0055 IpmiIfcSensorGetThresholds: getHysteresis(35, 21, true) returned cc = 203 +SAMPLEHOST0055 IpmiIfcSensorGetThresholds: getHysteresis(35, 21, true) returned cc = 203 +SAMPLEHOST0055 IpmiIfcSensorGetThresholds: getHysteresis(35, 21, true) returned cc = 203 +SAMPLEHOST0055 IpmiIfcSensorGetThresholds: getHysteresis(35, 21, true) returned cc = 203 +SAMPLEHOST0055 IpmiIfcSensorGetThresholds: getHysteresis(35, 21, true) returned cc = 203 +SAMPLEHOST0055 IpmiIfcSensorGetThresholds: getHysteresis(35, 21, true) returned cc = 203 +SAMPLEHOST0055 IpmiIfcSensorGetThresholds: getHysteresis(35, 21, true) returned cc = 203 +SAMPLEHOST0057 IpmiIfcSensorGetThresholds: getHysteresis(184, 24, true) returned cc = 203 +SAMPLEHOST0057 IpmiIfcSensorGetThresholds: getHysteresis(184, 24, true) returned cc = 203 +SAMPLEHOST0057 IpmiIfcSensorGetThresholds: getHysteresis(184, 24, true) returned cc = 203 +SAMPLEHOST0057 IpmiIfcSensorGetThresholds: getHysteresis(184, 24, true) returned cc = 203 +SAMPLEHOST0057 IpmiIfcSensorGetThresholds: getHysteresis(184, 24, true) returned cc = 203 +SAMPLEHOST0057 IpmiIfcSensorGetThresholds: getHysteresis(184, 24, true) returned cc = 203 +SAMPLEHOST0057 IpmiIfcSensorGetThresholds: getHysteresis(184, 24, true) returned cc = 203 +SAMPLEHOST0057 IpmiIfcSensorGetThresholds: getHysteresis(184, 24, true) returned cc = 203 +SAMPLEHOST0057 IpmiIfcSensorGetThresholds: getHysteresis(184, 24, true) returned cc = 203 +SAMPLEHOST0057 IpmiIfcSensorGetThresholds: getHysteresis(184, 24, true) returned cc = 203 +SAMPLEHOST0057 IpmiIfcSensorGetThresholds: getHysteresis(184, 24, true) returned cc = 203 +SAMPLEHOST0057 IpmiIfcSensorGetThresholds: getHysteresis(184, 24, true) returned cc = 203 +SAMPLEHOST0057 IpmiIfcSensorGetThresholds: getHysteresis(184, 24, true) returned cc = 203 +SAMPLEHOST0057 IpmiIfcSensorGetThresholds: getHysteresis(184, 24, true) returned cc = 203 +SAMPLEHOST0057 
IpmiIfcSensorGetThresholds: getHysteresis(184, 24, true) returned cc = 203 +SAMPLEHOST0057 IpmiIfcSensorGetThresholds: getHysteresis(184, 24, true) returned cc = 203 +SAMPLEHOST0057 IpmiIfcSensorGetThresholds: getHysteresis(184, 24, true) returned cc = 203 +SAMPLEHOST0057 IpmiIfcSensorGetThresholds: getHysteresis(184, 24, true) returned cc = 203 \ No newline at end of file diff --git a/Tools/Syslog-cef-data-replicator/Sample Data/esetsyslograw.log b/Tools/Syslog-cef-data-replicator/Sample Data/esetsyslograw.log new file mode 100644 index 00000000000..2628b47f49f --- /dev/null +++ b/Tools/Syslog-cef-data-replicator/Sample Data/esetsyslograw.log 
@@ -0,0 +1,4 @@
+<12>1 2022-04-12T14:21:47.166Z VIQESETNA-EC2 ERAServer 1296 - - ...{"event_type":"Threat_Event","ipv4":"10.0.0.192","hostname":"viq-showe","source_uuid":"67d8dcc8-725a-40a4-bd07-397648cab6d4","occured":"12-Apr-2022 14:21:01","severity":"Warning","threat_type":"Potentially unwanted application","threat_name":"Win32/WaveBrowser.A","scanner_id":"Real-time file system protection","scan_id":"virlog.dat","engine_version":"25094 (20220412)","object_type":"File","object_uri":"file:///C:/Users/SUSANR~1/AppData/Local/Temp/{1E278041-6939-4D8B-8350-ABCC0FAC1F4E}-WaveInstaller-v1.1.6.1.exe","action_taken":"Cleaned by deleting","threat_handled":true,"need_restart":false,"username":"AzureAD\\SusanRowe","processname":"C:\\Users\\SusanRowe\\Wavesor Software\\SWUpdater\\SWUpdater.exe","circumstances":"Event occurred on a newly created file.","hash":"88E277D8BC756FF3BCCBBBB8E7BEA2B00B489756"}
+<12>1 2022-04-12T14:21:47.166Z VIQESETNA-EC2 ERAServer 1296 - - ...{"event_type":"Threat_Event","ipv4":"10.0.0.192","hostname":"viq-showe","source_uuid":"67d8dcc8-725a-40a4-bd07-397648cab6d4","occured":"12-Apr-2022 14:21:01","severity":"Warning","threat_type":"Potentially unwanted application","threat_name":"Win32/WaveBrowser.A","scanner_id":"Real-time file system protection","scan_id":"virlog.dat","engine_version":"25094 (20220412)","object_type":"File","object_uri":"file:///C:/Users/SUSANR~1/AppData/Local/Temp/{1E278041-6939-4D8B-8350-ABCC0FAC1F4E}-WaveInstaller-v1.1.6.1.exe","action_taken":"Cleaned by deleting","threat_handled":true,"need_restart":false,"username":"AzureAD\\SusanRowe","processname":"C:\\Users\\SusanRowe\\Wavesor Software\\SWUpdater\\SWUpdater.exe","circumstances":"Event occurred on a newly created file.","hash":"88E277D8BC756FF3BCCBBBB8E7BEA2B00B489756"}
+<12>1 2022-04-12T14:21:47.167Z VIQESETNA-EC2 ERAServer 1296 - - ...{"event_type":"Threat_Event","ipv4":"10.0.0.192","hostname":"viq-showe","source_uuid":"67d8dcc8-725a-40a4-bd07-397648cab6d4","occured":"12-Apr-2022 14:21:01","severity":"Warning","threat_type":"Potentially unwanted application","threat_name":"Win32/WaveBrowser.A","scanner_id":"Real-time file system protection","scan_id":"virlog.dat","engine_version":"25094 (20220412)","object_type":"File","object_uri":"file:///C:/Users/SUSANR~1/AppData/Local/Temp/{1E278041-6939-4D8B-8350-ABCC0FAC1F4E}-WaveInstaller-v1.1.6.1.exe/Script.nsi","action_taken":"Cleaned by deleting","threat_handled":true,"need_restart":false,"username":"AzureAD\\SusanRowe","processname":"C:\\Users\\SusanRowe\\Wavesor Software\\SWUpdater\\SWUpdater.exe","circumstances":"Event occurred on a newly created file.","hash":"0177DCF7219627E8787C3470A096C76A40E9DA53"}
+<12>1 2022-04-12T14:21:47.167Z VIQESETNA-EC2 ERAServer 1296 - - ...{"event_type":"Threat_Event","ipv4":"10.0.0.192","hostname":"viq-showe","source_uuid":"67d8dcc8-725a-40a4-bd07-397648cab6d4","occured":"12-Apr-2022 14:21:01","severity":"Warning","threat_type":"Potentially unwanted application","threat_name":"Win32/WaveBrowser.A","scanner_id":"Real-time file system protection","scan_id":"virlog.dat","engine_version":"25094 (20220412)","object_type":"File","object_uri":"file:///C:/Users/SUSANR~1/AppData/Local/Temp/{1E278041-6939-4D8B-8350-ABCC0FAC1F4E}-WaveInstaller-v1.1.6.1.exe/Script.nsi","action_taken":"Cleaned by deleting","threat_handled":true,"need_restart":false,"username":"AzureAD\\SusanRowe","processname":"C:\\Users\\SusanRowe\\Wavesor Software\\SWUpdater\\SWUpdater.exe","circumstances":"Event occurred on a newly created file.","hash":"0177DCF7219627E8787C3470A096C76A40E9DA53"}
diff --git a/Tools/Syslog-cef-data-replicator/Sample Data/esetsyslograw2.log b/Tools/Syslog-cef-data-replicator/Sample Data/esetsyslograw2.log
new file mode 100644
index 00000000000..628982ae2ae
--- /dev/null
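Review bot: The four added ESET events look like an unsanitised export rather than synthetic sample data: every line carries `"username":"AzureAD\\SusanRowe"`, process and object paths under that user's profile (`C:\\Users\\SusanRowe\\…`, `SUSANR~1`), `"hostname":"viq-showe"` and a fixed `source_uuid`. Whether these belong to a real person or tenant cannot be told from the hunk, but a public sample file should not leave that open. I would replace them with labelled placeholders, e.g. `"username":"AzureAD\\SampleUser"` and `"hostname":"samplehost01"` (constructed values), keeping the field shapes so parsers still match. The same four events, with second-resolution timestamps, are added in the esetsyslograw2.log hunk that follows, so the same scrub applies there.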
+++ b/Tools/Syslog-cef-data-replicator/Sample Data/esetsyslograw2.log 
@@ -0,0 +1,4 @@
+<12>1 2022-04-12T14:21:47 VIQESETNA-EC2 ERAServer 1296 - - ...{"event_type":"Threat_Event","ipv4":"10.0.0.192","hostname":"viq-showe","source_uuid":"67d8dcc8-725a-40a4-bd07-397648cab6d4","occured":"12-Apr-2022 14:21:01","severity":"Warning","threat_type":"Potentially unwanted application","threat_name":"Win32/WaveBrowser.A","scanner_id":"Real-time file system protection","scan_id":"virlog.dat","engine_version":"25094 (20220412)","object_type":"File","object_uri":"file:///C:/Users/SUSANR~1/AppData/Local/Temp/{1E278041-6939-4D8B-8350-ABCC0FAC1F4E}-WaveInstaller-v1.1.6.1.exe","action_taken":"Cleaned by deleting","threat_handled":true,"need_restart":false,"username":"AzureAD\\SusanRowe","processname":"C:\\Users\\SusanRowe\\Wavesor Software\\SWUpdater\\SWUpdater.exe","circumstances":"Event occurred on a newly created file.","hash":"88E277D8BC756FF3BCCBBBB8E7BEA2B00B489756"}
+<12>1 2022-04-12T14:21:47 VIQESETNA-EC2 ERAServer 1296 - - ...{"event_type":"Threat_Event","ipv4":"10.0.0.192","hostname":"viq-showe","source_uuid":"67d8dcc8-725a-40a4-bd07-397648cab6d4","occured":"12-Apr-2022 14:21:01","severity":"Warning","threat_type":"Potentially unwanted application","threat_name":"Win32/WaveBrowser.A","scanner_id":"Real-time file system protection","scan_id":"virlog.dat","engine_version":"25094 (20220412)","object_type":"File","object_uri":"file:///C:/Users/SUSANR~1/AppData/Local/Temp/{1E278041-6939-4D8B-8350-ABCC0FAC1F4E}-WaveInstaller-v1.1.6.1.exe","action_taken":"Cleaned by deleting","threat_handled":true,"need_restart":false,"username":"AzureAD\\SusanRowe","processname":"C:\\Users\\SusanRowe\\Wavesor Software\\SWUpdater\\SWUpdater.exe","circumstances":"Event occurred on a newly created file.","hash":"88E277D8BC756FF3BCCBBBB8E7BEA2B00B489756"}
+<12>1 2022-04-12T14:21:47 VIQESETNA-EC2 ERAServer 1296 - - ...{"event_type":"Threat_Event","ipv4":"10.0.0.192","hostname":"viq-showe","source_uuid":"67d8dcc8-725a-40a4-bd07-397648cab6d4","occured":"12-Apr-2022 14:21:01","severity":"Warning","threat_type":"Potentially unwanted application","threat_name":"Win32/WaveBrowser.A","scanner_id":"Real-time file system protection","scan_id":"virlog.dat","engine_version":"25094 (20220412)","object_type":"File","object_uri":"file:///C:/Users/SUSANR~1/AppData/Local/Temp/{1E278041-6939-4D8B-8350-ABCC0FAC1F4E}-WaveInstaller-v1.1.6.1.exe/Script.nsi","action_taken":"Cleaned by deleting","threat_handled":true,"need_restart":false,"username":"AzureAD\\SusanRowe","processname":"C:\\Users\\SusanRowe\\Wavesor Software\\SWUpdater\\SWUpdater.exe","circumstances":"Event occurred on a newly created file.","hash":"0177DCF7219627E8787C3470A096C76A40E9DA53"}
+<12>1 2022-04-12T14:21:47 VIQESETNA-EC2 ERAServer 1296 - - ...{"event_type":"Threat_Event","ipv4":"10.0.0.192","hostname":"viq-showe","source_uuid":"67d8dcc8-725a-40a4-bd07-397648cab6d4","occured":"12-Apr-2022 14:21:01","severity":"Warning","threat_type":"Potentially unwanted application","threat_name":"Win32/WaveBrowser.A","scanner_id":"Real-time file system protection","scan_id":"virlog.dat","engine_version":"25094 (20220412)","object_type":"File","object_uri":"file:///C:/Users/SUSANR~1/AppData/Local/Temp/{1E278041-6939-4D8B-8350-ABCC0FAC1F4E}-WaveInstaller-v1.1.6.1.exe/Script.nsi","action_taken":"Cleaned by deleting","threat_handled":true,"need_restart":false,"username":"AzureAD\\SusanRowe","processname":"C:\\Users\\SusanRowe\\Wavesor Software\\SWUpdater\\SWUpdater.exe","circumstances":"Event occurred on a newly created file.","hash":"0177DCF7219627E8787C3470A096C76A40E9DA53"}
diff --git a/Tools/Syslog-cef-data-replicator/Sample Data/firepowercefraw.log b/Tools/Syslog-cef-data-replicator/Sample Data/firepowercefraw.log
new file mode 100644
index 00000000000..79527da05cd
--- /dev/null
+++ b/Tools/Syslog-cef-data-replicator/Sample Data/firepowercefraw.log
@@ -0,0 +1,3171 @@ +<13>Mar 03 21:00:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=1487 bytesOut=555 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=94.31.29.43 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645930963000 externalId=37377 proto=6 reason=N/A request="http://releases.flowplayer.org/5.5.2/skin/minimalist.css?ver=4.3" requestClientApplication=Chrome rt=1645930963000 spt=49432 src=10.1.62.12 start=1645930963000 suser=No Authentication Required +<13>Mar 03 21:00:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=787 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=a29.x.a.yimg.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=64.215.170.28 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930958000 externalId=31469 proto=17 reason=N/A requestClientApplication=DNS client rt=1645930958000 spt=32789 src=10.1.244.195 start=1645930958000 suser=No Authentication Required +<13>Mar 03 21:00:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:119:261|(http_inspect) HTTP chunked message body was truncated|0|act=Would Be Blocked app=HTTP cat=A Client was Using an Unusual Port cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=261 cs6Label=ruleId deviceExternalId=1 
deviceInboundInterface=N/A deviceOutboundInterface=N/A dpt=49432 dst=10.1.62.12 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=121993 proto=TCP requestClientApplication=Chrome rt=1645934564000 spt=80 src=94.31.29.43 start=1645930963000 suser=No Authentication Required +<13>Mar 03 21:11:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=1487 bytesOut=555 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=94.31.29.43 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645930963000 externalId=37377 proto=6 reason=N/A request="http://releases.flowplayer.org/5.5.2/skin/minimalist.css?ver=4.3" requestClientApplication=Chrome rt=1645930963000 spt=49432 src=10.1.62.12 start=1645930963000 suser=No Authentication Required +<13>Mar 03 21:11:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=787 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=a29.x.a.yimg.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=64.215.170.28 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930958000 externalId=31469 proto=17 reason=N/A requestClientApplication=DNS client rt=1645930958000 spt=32789 src=10.1.244.195 start=1645930958000 suser=No Authentication Required +<13>Mar 03 21:11:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:119:261|(http_inspect) HTTP chunked message body was truncated|0|act=Would Be Blocked app=HTTP cat=A Client was Using an Unusual Port cn1Label=vlan cn2=3 
cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=261 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=N/A deviceOutboundInterface=N/A dpt=49432 dst=10.1.62.12 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=121993 proto=TCP requestClientApplication=Chrome rt=1645934564000 spt=80 src=94.31.29.43 start=1645930963000 suser=No Authentication Required +<13>Mar 03 21:11:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=1487 bytesOut=555 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=94.31.29.43 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645930963000 externalId=37377 proto=6 reason=N/A request="http://releases.flowplayer.org/5.5.2/skin/minimalist.css?ver=4.3" requestClientApplication=Chrome rt=1645930963000 spt=49432 src=10.1.62.12 start=1645930963000 suser=No Authentication Required +<13>Mar 03 21:11:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=787 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=a29.x.a.yimg.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=64.215.170.28 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930958000 externalId=31469 proto=17 reason=N/A requestClientApplication=DNS client rt=1645930958000 spt=32789 src=10.1.244.195 start=1645930958000 suser=No Authentication 
Required +<13>Mar 03 21:11:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:119:261|(http_inspect) HTTP chunked message body was truncated|0|act=Would Be Blocked app=HTTP cat=A Client was Using an Unusual Port cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=261 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=N/A deviceOutboundInterface=N/A dpt=49432 dst=10.1.62.12 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=121993 proto=TCP requestClientApplication=Chrome rt=1645934564000 spt=80 src=94.31.29.43 start=1645930963000 suser=No Authentication Required +<13>Mar 03 21:19:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=1487 bytesOut=555 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=94.31.29.43 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645930963000 externalId=37377 proto=6 reason=N/A request="http://releases.flowplayer.org/5.5.2/skin/minimalist.css?ver=4.3" requestClientApplication=Chrome rt=1645930963000 spt=49432 src=10.1.62.12 start=1645930963000 suser=No Authentication Required +<13>Mar 03 21:19:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=787 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=a29.x.a.yimg.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 
dst=64.215.170.28 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930958000 externalId=31469 proto=17 reason=N/A requestClientApplication=DNS client rt=1645930958000 spt=32789 src=10.1.244.195 start=1645930958000 suser=No Authentication Required +<13>Mar 03 21:19:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:119:261|(http_inspect) HTTP chunked message body was truncated|0|act=Would Be Blocked app=HTTP cat=A Client was Using an Unusual Port cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=261 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=N/A deviceOutboundInterface=N/A dpt=49432 dst=10.1.62.12 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=121993 proto=TCP requestClientApplication=Chrome rt=1645934564000 spt=80 src=94.31.29.43 start=1645930963000 suser=No Authentication Required +<13>Mar 03 21:24:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=1487 bytesOut=555 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=94.31.29.43 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645930963000 externalId=37377 proto=6 reason=N/A request="http://releases.flowplayer.org/5.5.2/skin/minimalist.css?ver=4.3" requestClientApplication=Chrome rt=1645930963000 spt=49432 src=10.1.62.12 start=1645930963000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=787 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=a29.x.a.yimg.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=64.215.170.28 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930958000 externalId=31469 proto=17 reason=N/A requestClientApplication=DNS client rt=1645930958000 spt=32789 src=10.1.244.195 start=1645930958000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:119:261|(http_inspect) HTTP chunked message body was truncated|0|act=Would Be Blocked app=HTTP cat=A Client was Using an Unusual Port cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=261 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=N/A deviceOutboundInterface=N/A dpt=49432 dst=10.1.62.12 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=121993 proto=TCP requestClientApplication=Chrome rt=1645934564000 spt=80 src=94.31.29.43 start=1645930963000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=121993 rt=1645934564000 start=1645934564000 +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=66.235.139.121 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645930961000 externalId=32577 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645930961000 spt=56126 src=10.1.168.236 start=1645930961000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=43560 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.240.166.76 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934565000 externalId=41878 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934535000 spt=56578 src=10.1.211.172 start=1645934535000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=379 bytesOut=464 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=178.33.131.10 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934565000 externalId=31472 proto=6 reason=N/A request="http://audienceinsights.net/cs/s?t=http%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fpartnerid%3D53%26partneruserid%3D" requestClientApplication=Internet Explorer rt=1645930960000 spt=58018 src=10.1.116.202 start=1645930960000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=66.235.139.121 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934566000 externalId=32578 proto=6 reason=N/A requestClientApplication=Unknown rt=1645930961000 spt=56161 src=10.1.168.236 start=1645930961000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=66.235.139.121 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934566000 externalId=32580 proto=6 reason=N/A requestClientApplication=Unknown rt=1645930961000 spt=56356 src=10.1.168.236 start=1645930961000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=4329 bytesOut=534 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=94.31.29.43 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645930963000 externalId=37378 proto=6 reason=N/A request="http://releases.flowplayer.org/5.5.2/flowplayer.min.js?ver=5.5.2" requestClientApplication=Chrome rt=1645930963000 spt=49445 src=10.1.62.12 start=1645930963000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=66.235.139.121 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934566000 externalId=32579 proto=6 reason=N/A requestClientApplication=Unknown rt=1645930961000 spt=56317 src=10.1.168.236 start=1645930961000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=66.235.139.121 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645930961000 externalId=32581 proto=6 reason=N/A requestClientApplication=Unknown rt=1645930961000 spt=56401 src=10.1.168.236 start=1645930961000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Skype bytesOut=300 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5994 dst=61.239.62.41 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930960000 externalId=31471 proto=17 reason=N/A requestClientApplication=2000000832 rt=1645930960000 spt=34862 src=10.1.114.72 start=1645930960000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=205.185.208.80 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934567000 externalId=41880 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934537000 spt=59020 src=10.1.46.115 start=1645934537000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=66.235.139.121 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934567000 externalId=32582 proto=6 reason=N/A requestClientApplication=Unknown rt=1645930961000 spt=56494 src=10.1.168.236 start=1645930961000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=205.185.208.80 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934567000 externalId=37210 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934537000 spt=59021 src=10.1.46.115 start=1645934537000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=205.185.208.80 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934567000 externalId=36110 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934537000 spt=59024 src=10.1.46.115 start=1645934537000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=205.185.208.80 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934567000 externalId=41881 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934537000 spt=59027 src=10.1.46.115 start=1645934537000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=116 bytesOut=170 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.23.102.175 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645930964000 externalId=37338 proto=6 reason=N/A requestClientApplication=Unknown rt=1645930948000 spt=50986 src=10.1.95.188 start=1645930948000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=205.185.208.80 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934567000 externalId=41882 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934537000 spt=59034 src=10.1.46.115 start=1645934537000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=205.185.208.80 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934567000 externalId=36109 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934537000 spt=59023 src=10.1.46.115 start=1645934537000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=205.185.208.80 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934567000 externalId=36115 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934537000 spt=59032 src=10.1.46.115 start=1645934537000 suser=No Authentication Required +<13>Mar 
03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=205.185.208.80 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934567000 externalId=36108 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934537000 spt=59022 src=10.1.46.115 start=1645934537000 suser=No Authentication Required +<13>Mar 03 21:24:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=205.185.208.80 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934567000 externalId=37215 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934537000 spt=59036 src=10.1.46.115 start=1645934537000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=205.185.208.80 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934567000 externalId=37211 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934537000 spt=59025 src=10.1.46.115 start=1645934537000 suser=No 
Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=205.185.208.80 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934567000 externalId=37212 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934537000 spt=59031 src=10.1.46.115 start=1645934537000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=205.185.208.80 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934567000 externalId=36114 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934537000 spt=59030 src=10.1.46.115 start=1645934537000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=205.185.208.80 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934567000 externalId=36111 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934537000 spt=59026 src=10.1.46.115 
start=1645934537000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=205.185.208.80 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934567000 externalId=36113 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934537000 spt=59029 src=10.1.46.115 start=1645934537000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=205.185.208.80 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934567000 externalId=36112 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934537000 spt=59028 src=10.1.46.115 start=1645934537000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=151.101.1.140 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934568000 externalId=41883 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934538000 
spt=51354 src=10.180.10.102 start=1645934538000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=399 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=host-192-168-100-123.block.example.net.mx deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=32789 dst=10.1.190.96 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930964000 externalId=31477 proto=17 reason=N/A requestClientApplication=DNS client rt=1645930964000 spt=53 src=192.168.100.163 start=1645930964000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=1550 bytesOut=347 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=94.31.29.43 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934568000 externalId=32587 proto=6 reason=N/A request=http://releases.flowplayer.org/5.5.2/flowplayer.swf requestClientApplication=Chrome rt=1645930963000 spt=49482 src=10.1.62.12 start=1645930963000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.192.207.126 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645930965000 externalId=32588 proto=6 reason=N/A requestClientApplication=Unknown rt=1645930965000 spt=49281 src=10.1.84.197 start=1645930965000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=12350 dst=91.190.218.59 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930965000 externalId=31478 proto=6 reason=N/A requestClientApplication=Unknown rt=1645930965000 spt=49703 src=10.1.246.74 start=1645930965000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=140 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25407 dst=111.253.136.152 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645930967000 externalId=37386 proto=6 reason=N/A requestClientApplication=Unknown rt=1645930967000 spt=59849 src=10.1.137.108 start=1645930967000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=206.190.56.190 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934571000 externalId=41884 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934540000 spt=53473 src=10.1.62.250 start=1645934540000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.92.189.243 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645930969000 externalId=37389 proto=6 reason=N/A requestClientApplication=Unknown rt=1645930969000 spt=49290 src=172.16.45.52 start=1645930969000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=736 bytesOut=424 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25407 dst=111.253.136.152 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645930967000 externalId=32595 proto=6 reason=N/A requestClientApplication=Unknown rt=1645930967000 spt=53870 src=10.1.137.108 start=1645930967000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=4827 bytesOut=1115 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy 
cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.92.189.243 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930969000 externalId=31484 proto=6 reason=N/A request="http://api.cxense.com/public/widget/data?json=%7B%22context%22%3A%7B%22referrer%22%3A%22http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3Dsingapore%2Bnews%26qs%3Dn%26form%3DQBLH%26sp%3D-1%26pq%3Dsingapore%2Bnews%26sc%3D8-0%26sk%3D%26cvid%3D22561A2E2A7B499EBD494C9D00106057%22%2C%22autoRefresh%22%3Afalse%2C%22url%22%3A%22http%3A%2F%2Fwww.channelnewsasia.com%2F%22%7D%2C%22widgetId%22%3A%2291dbac525fc0d0f8cd3ed636225f4126083e92bb%22%2C%22user%22%3A%7B%22ids%22%3A%7B%22usi%22%3A%22j5ep6yf4njvjiccc%22%7D%7D%2C%22prnd%22%3A%22j5ep6vsopvkbgzue%22%7D&media=javascript&widgetId=91dbac525fc0d0f8cd3ed636225f4126083e92bb&resizeToContentSize=true&usi=j5ep6yf4njvjiccc&rnd=486572072&prnd=j5ep6vsopvkbgzue&tzo=240&callback=cXJsonpCBj5ep6yfabbpgj872" requestClientApplication=Internet Explorer rt=1645930969000 spt=49292 src=172.16.45.52 start=1645930969000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=81 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40009 dst=64.4.23.150 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645930969000 externalId=37390 proto=17 reason=N/A requestClientApplication=Unknown rt=1645930969000 spt=34862 src=10.1.90.37 start=1645930969000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930969000 externalId=31485 proto=17 reason=N/A requestClientApplication=Unknown rt=1645930969000 spt=40009 src=64.4.23.150 start=1645930969000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=286 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=49152 dst=89.133.43.160 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645930974000 externalId=32573 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645930960000 spt=59370 src=10.1.13.39 start=1645930960000 suser=No Authentication Required +<13>Mar 03 21:24:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.18.68 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934574000 externalId=37219 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934544000 spt=49470 src=10.1.192.102 start=1645934544000 suser=No 
Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=216 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5351 dst=172.16.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645930977000 externalId=37405 proto=17 reason=N/A requestClientApplication=Unknown rt=1645930977000 spt=54055 src=10.1.58.58 start=1645930977000 suser=No Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=199.27.76.175 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930970000 externalId=31489 proto=6 reason=N/A requestClientApplication=Unknown rt=1645930970000 spt=49219 src=10.1.62.127 start=1645930970000 suser=No Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.92.22.133 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645930975000 externalId=32613 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645930975000 spt=49381 src=10.1.4.220 start=1645930975000 suser=No Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=108 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5351 dst=172.16.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645930977000 externalId=37406 proto=17 reason=N/A requestClientApplication=Unknown rt=1645930977000 spt=63805 src=10.1.58.58 start=1645930977000 suser=No Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=67.217.65.244 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645930975000 externalId=32615 proto=6 reason=N/A requestClientApplication=Unknown rt=1645930975000 spt=53212 src=172.16.133.21 start=1645930975000 suser=No Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=138 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40016 dst=111.221.77.172 
dvchost=CSTA-vFTD-Production dvcpid=2 end=1645930978000 externalId=37408 proto=17 reason=N/A requestClientApplication=Unknown rt=1645930978000 spt=34862 src=10.1.42.249 start=1645930978000 suser=No Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=60 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=111.221.77.172 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645930978000 externalId=32618 proto=17 reason=N/A requestClientApplication=Unknown rt=1645930978000 spt=34862 src=10.1.42.249 start=1645930978000 suser=No Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=286 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=26085 dst=115.64.152.220 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645930981000 externalId=37324 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645930941000 spt=59370 src=10.1.65.102 start=1645930941000 suser=No Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DHCP bytesOut=342 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=68 dst=172.16.255.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930977000 externalId=31500 proto=17 reason=N/A requestClientApplication=DHCP client rt=1645930977000 spt=67 src=10.1.58.58 start=1645930977000 suser=No Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=68 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645930978000 externalId=32619 proto=17 reason=N/A requestClientApplication=Unknown rt=1645930978000 spt=443 src=111.221.77.172 start=1645930978000 suser=No Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=216 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5351 dst=172.16.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930977000 externalId=31501 proto=17 reason=N/A requestClientApplication=Unknown rt=1645930977000 spt=61996 src=10.1.58.58 start=1645930977000 suser=No Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930978000 externalId=31504 proto=17 reason=N/A requestClientApplication=Unknown rt=1645930978000 spt=40016 src=111.221.77.172 start=1645930978000 suser=No Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.231.252.74 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645930980000 externalId=32623 proto=6 reason=N/A requestClientApplication=Unknown rt=1645930980000 spt=60720 src=10.1.6.116 start=1645930980000 suser=No Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=270 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40020 dst=111.221.77.172 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930978000 externalId=31505 proto=17 reason=N/A requestClientApplication=Unknown rt=1645930978000 spt=34862 src=10.1.42.249 start=1645930978000 suser=No Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=124 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930978000 externalId=31506 proto=17 reason=N/A requestClientApplication=Unknown rt=1645930978000 spt=40020 src=111.221.77.172 start=1645930978000 suser=No Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=1580 bytesOut=365 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=184.84.43.32 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645930980000 externalId=32624 proto=6 reason=N/A request=https://sb.voicefive.com requestClientApplication=SSL client rt=1645930980000 spt=60600 src=10.1.191.40 start=1645930980000 suser=No Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=204.2.250.100 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645930983000 externalId=37420 proto=6 reason=N/A requestClientApplication=Unknown rt=1645930983000 spt=49490 src=10.1.49.118 start=1645930983000 suser=No Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow 
app=Unknown bytesOut=83 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40026 dst=111.221.77.172 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930978000 externalId=31507 proto=17 reason=N/A requestClientApplication=Unknown rt=1645930978000 spt=34862 src=10.1.42.249 start=1645930978000 suser=No Authentication Required +<13>Mar 03 21:24:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=687 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930978000 externalId=31508 proto=17 reason=N/A requestClientApplication=Unknown rt=1645930978000 spt=40026 src=111.221.77.172 start=1645930978000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=1512 bytesOut=326 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=204.2.250.100 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645930983000 externalId=37421 proto=6 reason=N/A request=https://tag.1rx.io requestClientApplication=SSL client rt=1645930983000 spt=49491 src=10.1.49.118 start=1645930983000 suser=No Authentication 
Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=2036 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=204.70.57.242 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645930984000 externalId=32632 proto=17 reason=N/A requestClientApplication=DNS client rt=1645930984000 spt=32789 src=10.1.121.149 start=1645930984000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=289 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=nsmty2.uninet.net.mx deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=200.23.242.193 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930982000 externalId=31514 proto=17 reason=N/A requestClientApplication=DNS client rt=1645930982000 spt=32789 src=10.1.96.15 start=1645930982000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=104.236.116.147 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645930992000 externalId=32638 proto=17 reason=N/A 
requestClientApplication=NTP client rt=1645930992000 spt=123 src=10.180.10.102 start=1645930992000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=103.106.65.219 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930984000 externalId=31518 proto=17 reason=N/A requestClientApplication=NTP client rt=1645930984000 spt=123 src=10.180.10.102 start=1645930984000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=853 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63448 dst=10.0.0.201 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645930985000 externalId=31520 proto=17 reason=N/A requestClientApplication=Unknown rt=1645930985000 spt=53863 src=10.1.115.183 start=1645930985000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=28231 dst=177.32.60.18 
dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931021000 externalId=31529 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931021000 spt=59370 src=10.1.65.215 start=1645931021000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=44029 dst=176.36.127.54 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931031000 externalId=32651 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931031000 spt=59370 src=10.1.229.185 start=1645931031000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=327 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931021000 externalId=31530 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931021000 spt=28231 src=177.32.60.18 start=1645931021000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=250 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40018 dst=157.55.130.141 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931033000 externalId=32653 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931033000 spt=34862 src=10.1.235.131 start=1645931033000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931033000 externalId=32654 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931033000 spt=40011 src=157.55.130.141 start=1645931033000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=19856 dst=93.86.35.200 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931035000 externalId=32656 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931035000 spt=59370 src=10.1.168.146 start=1645931035000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=44.190.40.123 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36132 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934592000 spt=123 src=10.180.10.102 start=1645934592000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=91.189.94.4 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934003000 externalId=40925 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934003000 spt=123 src=10.180.10.102 start=1645934003000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=91.189.94.4 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41903 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934597000 spt=123 src=10.180.10.102 start=1645934597000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=204.2.134.163 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36133 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934598000 spt=123 src=10.180.10.102 start=1645934598000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=204.2.134.163 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645933375000 externalId=34829 proto=17 reason=N/A requestClientApplication=NTP client rt=1645933375000 spt=123 src=10.180.10.102 start=1645933375000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.16.26.235 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934604000 externalId=40922 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934001000 spt=49992 src=10.1.89.223 start=1645934001000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=688 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.16.26.235 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934604000 externalId=35211 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934001000 spt=50002 src=10.1.89.223 start=1645934001000 suser=No Authentication Required +<13>Mar 03 21:24:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.25.165.35 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934603000 externalId=41898 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934573000 spt=49486 src=10.180.10.102 start=1645934573000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.16.26.235 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934604000 externalId=35209 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934001000 spt=49464 src=10.1.89.223 start=1645934001000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=66.111.4.75 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934607000 externalId=40927 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934005000 spt=49542 src=192.168.1.96 start=1645934005000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=270 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=62.201.225.9 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645933540000 externalId=36016 proto=17 reason=N/A requestClientApplication=NTP client rt=1645933411000 spt=123 src=10.180.10.102 start=1645933411000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=62.201.225.9 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37231 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934614000 spt=123 src=10.180.10.102 start=1645934614000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=194.0.5.123 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645932235000 externalId=38086 proto=17 reason=N/A requestClientApplication=NTP client rt=1645932235000 spt=123 src=10.180.10.102 start=1645932235000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=194.0.5.123 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41905 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934618000 spt=123 src=10.180.10.102 start=1645934618000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=80.239.148.171 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931022000 externalId=37431 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931022000 spt=55052 src=10.1.132.109 start=1645931022000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8621 dst=85.65.115.25 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931023000 externalId=37432 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931023000 spt=59370 src=10.1.107.153 start=1645931023000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=3006 bytesOut=273 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.21.220.162 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931026000 externalId=37434 proto=6 reason=N/A request=https://dl-client435.dropbox.com requestClientApplication=SSL client rt=1645931026000 spt=54232 src=10.1.156.7 start=1645931026000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40011 dst=157.55.130.141 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931033000 externalId=37438 proto=17 reason=N/A requestClientApplication=Unknown 
rt=1645931033000 spt=34862 src=10.1.235.131 start=1645931033000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=66 bytesOut=430 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=211.123.214.8 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931028000 externalId=31533 proto=6 reason=N/A request=http://from30ty.com/ requestClientApplication=Internet Explorer rt=1645931028000 spt=49693 src=10.1.54.3 start=1645931028000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=125 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931033000 externalId=31536 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931033000 spt=40018 src=157.55.130.141 start=1645931033000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 
dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931035000 externalId=37439 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931035000 spt=19856 src=93.86.35.200 start=1645931035000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=60925 dst=177.206.170.211 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931040000 externalId=31538 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931040000 spt=59370 src=10.1.116.216 start=1645931040000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2784 bytesOut=2859 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=64261 dst=10.1.21.53 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931043000 externalId=31542 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931043000 spt=443 src=173.194.122.7 start=1645931043000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=50.16.228.126 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934638000 externalId=40941 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934035000 spt=56473 src=10.1.39.49 start=1645934035000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=1791 bytesOut=882 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.119.119.131 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931037000 externalId=32657 proto=6 reason=N/A request=https://static.criteo.net requestClientApplication=SSL client rt=1645931036000 spt=49648 src=172.16.3.122 start=1645931036000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=50.16.228.126 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934638000 externalId=36330 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934036000 spt=63210 src=10.1.39.49 start=1645934036000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=213 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=50.16.228.126 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934638000 externalId=36328 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934035000 spt=56471 src=10.1.39.49 start=1645934035000 suser=No Authentication Required +<13>Mar 03 21:24:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=50.16.228.126 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934638000 externalId=40942 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934036000 spt=63209 src=10.1.39.49 start=1645934036000 suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931040000 externalId=32660 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931040000 spt=60925 src=177.206.170.211 start=1645931040000 suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.25.165.35 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934638000 externalId=36134 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934608000 spt=49488 src=10.180.10.102 start=1645934608000 suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=5565 bytesOut=1058 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=98.137.80.54 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931042000 externalId=32662 proto=6 reason=N/A request=http://d.yimg.com/mi/ono/ywa.js requestClientApplication=Safari rt=1645931042000 spt=53532 src=172.16.133.96 start=1645931042000 suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=3202 bytesOut=387 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.7 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931043000 externalId=37441 proto=6 reason=N/A request=https://accounts.youtube.com requestClientApplication=SSL client rt=1645931043000 spt=49639 src=10.1.21.53 start=1645931043000 suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=9532 dst=46.61.223.11 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931045000 externalId=32665 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931045000 spt=59370 src=10.1.4.113 start=1645931045000 suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931045000 externalId=37442 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931045000 spt=9532 src=46.61.223.11 start=1645931045000 suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=35.232.111.17 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934645000 externalId=41904 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934615000 spt=41898 src=10.180.10.102 start=1645934615000 
suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=491 bytesOut=926 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=91.121.69.110 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931044000 externalId=32663 proto=6 reason=N/A request=http://s.widgetvillage.com/s2/Setup/Identification.nuid/2/a748bf8d4f43431a9963f4b716bb9237/APC111/1000000100940001/none/BBD_D6RHRBQTIC32/none/e.gif requestClientApplication=Internet Explorer rt=1645931044000 spt=56602 src=10.1.249.230 start=1645931044000 suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=257 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40001 dst=157.55.56.173 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931046000 externalId=37445 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931046000 spt=34862 src=10.1.43.2 start=1645931046000 suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=91.121.69.110 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931044000 externalId=31543 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931044000 spt=56615 src=10.1.249.230 start=1645931044000 suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=260 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40016 dst=157.55.56.173 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931046000 externalId=32666 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931046000 spt=34862 src=10.1.43.2 start=1645931046000 suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=129 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40005 dst=157.55.56.173 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931046000 externalId=31544 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931046000 spt=34862 src=10.1.43.2 start=1645931046000 suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=172.104.193.207 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931046000 externalId=32669 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931046000 spt=123 src=10.180.10.102 start=1645931046000 suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40018 dst=157.55.56.173 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931046000 externalId=37448 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931046000 spt=34862 src=10.1.43.2 start=1645931046000 suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=77 bytesOut=113 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=wpad.felk.cvut.cz deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=52451 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931153000 externalId=32691 proto=17 reason=N/A requestClientApplication=DNS rt=1645931153000 spt=53 src=8.8.8.8 start=1645931153000 suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=257 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule 
cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40010 dst=157.55.56.173 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931046000 externalId=31545 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931046000 spt=34862 src=10.1.43.2 start=1645931046000 suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=3191 bytesOut=568 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.85.4.230 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931047000 externalId=37449 proto=6 reason=N/A request=https://sync.adap.tv requestClientApplication=SSL client rt=1645931047000 spt=49360 src=172.16.104.115 start=1645931047000 suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=113 bytesOut=77 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=wpad.felk.cvut.cz deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931153000 externalId=32692 proto=17 reason=N/A requestClientApplication=DNS rt=1645931153000 spt=54069 src=10.0.2.15 start=1645931153000 suser=No Authentication Required +<13>Mar 03 21:24:16 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=378 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=ns-1290.awsdns-33.org deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=62853 dst=10.1.211.73 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931051000 externalId=37452 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931051000 spt=53 src=205.251.194.227 start=1645931051000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40006 dst=157.55.56.173 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931046000 externalId=31546 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931046000 spt=34862 src=10.1.43.2 start=1645931046000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=133 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=client.dropbox.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53417 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931153000 externalId=32694 proto=17 reason=N/A 
requestClientApplication=DNS client rt=1645931153000 spt=53 src=8.8.8.8 start=1645931153000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=45.148.141.154 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931114000 externalId=37457 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931114000 spt=123 src=10.180.10.102 start=1645931114000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40017 dst=65.55.223.21 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931151000 externalId=37463 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931151000 spt=34862 src=10.1.154.41 start=1645931151000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=1532 bytesOut=575 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=2.21.104.24 
dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931049000 externalId=31550 proto=6 reason=N/A request=http://cdn.taboola.com/libtrc/nbcnews/loader.js requestClientApplication=Chrome rt=1645931049000 spt=50509 src=10.0.2.15 start=1645931049000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=123 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=d.dropbox.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=49714 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931153000 externalId=32696 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931153000 spt=53 src=8.8.8.8 start=1645931153000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=_ldap._tcp.dc._msdcs.felk.cvut.cz deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53645 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931153000 externalId=31568 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931153000 spt=53 src=8.8.8.8 start=1645931153000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931151000 externalId=37464 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931151000 spt=40017 src=65.55.223.21 start=1645931151000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=_ldap._tcp.dc._msdcs.felk.cvut.cz deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=49512 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931153000 externalId=31570 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931153000 spt=53 src=8.8.8.8 start=1645931153000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=4244 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=40.69.218.62 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934653000 externalId=40960 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934051000 spt=49698 src=10.1.129.216 start=1645934051000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=181 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.msftncsi.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=58567 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931153000 externalId=31573 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931153000 spt=53 src=8.8.8.8 start=1645931153000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.239.36.117 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934654000 externalId=36341 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934052000 spt=49395 src=10.1.148.124 start=1645934052000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=181 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.msftncsi.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=56692 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931153000 externalId=31574 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931153000 spt=53 src=8.8.8.8 start=1645931153000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=279 bytesOut=79 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=clients2.google.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931153000 externalId=31575 proto=17 reason=N/A requestClientApplication=DNS rt=1645931153000 spt=51649 src=10.0.2.15 start=1645931153000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2732 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=107.21.52.39 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934655000 externalId=40962 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934053000 spt=50175 src=172.16.8.38 start=1645934053000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=94 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=relay.felk.cvut.cz deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=57140 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931153000 externalId=31577 proto=17 reason=N/A requestClientApplication=DNS 
client rt=1645931153000 spt=53 src=8.8.8.8 start=1645931153000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=186 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=b.config.skype.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931153000 externalId=31578 proto=17 reason=N/A requestClientApplication=DNS rt=1645931153000 spt=53897 src=10.0.2.15 start=1645931153000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=744 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=80.15.236.142 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934656000 externalId=36347 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934054000 spt=54048 src=10.1.136.198 start=1645934054000 suser=No Authentication Required +<13>Mar 03 21:24:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=199.188.48.60 dvchost=CSTA-vFTD-Production 
dvcpid=2 externalId=41911 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934656000 spt=123 src=10.180.10.102 start=1645934656000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=1333 bytesOut=1313 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=46.4.194.22 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934657000 externalId=36351 proto=6 reason=N/A request=http://softizer.com/ requestClientApplication=Internet Explorer rt=1645934056000 spt=49308 src=192.168.1.96 start=1645934056000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=81.17.254.12 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934661000 externalId=36358 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934059000 spt=52658 src=172.16.133.41 start=1645934059000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=72.30.35.89 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931965000 externalId=38055 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931965000 spt=123 src=10.180.10.102 start=1645931965000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=72.30.35.89 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41913 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934662000 spt=123 src=10.180.10.102 start=1645934662000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=78.47.139.102 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41914 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934663000 spt=49158 src=172.16.45.98 start=1645934663000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=13.107.42.11 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41928 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934669000 spt=49472 src=172.16.104.115 start=1645934669000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=13.107.42.11 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37247 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934669000 spt=49473 src=172.16.104.115 start=1645934669000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=151.139.128.10 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36151 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934671000 spt=49436 src=172.16.3.122 start=1645934671000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37248 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49190 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36154 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49204 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41934 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49291 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41930 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49189 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36156 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49288 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36157 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49290 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36161 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49330 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41929 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49188 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37250 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49244 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 
bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36155 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49205 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934672000 externalId=37248 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49190 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 03 21:24:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41935 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49299 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41936 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49328 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41937 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49563 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37253 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49331 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36164 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49562 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36166 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49661 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37261 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49674 src=10.1.134.107 start=1645934673000 suser=No 
Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36171 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49668 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36173 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49673 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37254 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934672000 spt=43617 
src=94.120.171.179 start=1645934672000 suser=No Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41942 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49669 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36170 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49667 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=43617 dst=94.120.171.179 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36162 proto=17 reason=N/A 
requestClientApplication=BitTorrent rt=1645934672000 spt=59370 src=10.1.243.125 start=1645934672000 suser=No Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41938 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49565 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37259 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49659 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 
dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36168 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49663 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37262 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49676 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41946 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49702 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41947 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49703 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 03 21:24:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36178 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49701 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37264 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49704 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36175 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49680 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37266 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49799 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41948 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49805 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=68.64.24.250 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41949 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=53844 src=172.16.133.116 start=1645934674000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934674000 externalId=36171 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49668 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37267 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49800 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36181 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49798 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36183 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49803 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37271 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49808 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=68.64.24.250 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36187 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=53854 src=172.16.133.116 start=1645934674000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36186 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49811 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.6.231.20 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934674000 externalId=37233 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934644000 spt=60518 src=10.180.10.102 start=1645934644000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36182 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49801 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=68.64.24.250 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37274 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=53876 src=172.16.133.116 start=1645934674000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36184 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49804 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934674000 externalId=37267 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49800 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=8115 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.67.210.250 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934677000 externalId=35360 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934074000 spt=49156 src=10.1.120.202 start=1645934074000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=186 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40001 dst=65.55.223.22 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41951 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934677000 spt=34862 src=10.1.82.73 start=1645934677000 suser=No Authentication Required +<13>Mar 03 21:24:20 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934677000 externalId=37280 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934677000 spt=40016 src=65.55.223.22 start=1645934677000 suser=No Authentication Required +<13>Mar 03 21:24:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37280 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934677000 spt=40016 src=65.55.223.22 start=1645934677000 suser=No Authentication Required +<13>Mar 03 21:24:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=63 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41952 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934677000 spt=40001 src=65.55.223.22 start=1645934677000 suser=No Authentication Required +<13>Mar 
03 21:24:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=303 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40016 dst=65.55.223.22 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934677000 externalId=37279 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934677000 spt=34862 src=10.1.82.73 start=1645934677000 suser=No Authentication Required +<13>Mar 03 21:24:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=186 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40001 dst=65.55.223.22 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934677000 externalId=41951 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934677000 spt=34862 src=10.1.82.73 start=1645934677000 suser=No Authentication Required +<13>Mar 03 21:24:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=73 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40016 dst=65.55.223.22 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37279 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934677000 spt=34862 src=10.1.82.73 
start=1645934677000 suser=No Authentication Required +<13>Mar 03 21:24:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=1576 bytesOut=311 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.201.120.8 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934678000 externalId=37287 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645934678000 spt=64335 src=172.16.133.39 start=1645934678000 suser=No Authentication Required +<13>Mar 03 21:24:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=62 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.201.120.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37288 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934678000 spt=64336 src=172.16.133.39 start=1645934678000 suser=No Authentication Required +<13>Mar 03 21:24:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=62 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.201.120.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37287 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934678000 spt=64335 src=172.16.133.39 start=1645934678000 suser=No Authentication Required +<13>Mar 03 21:24:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.6.143.25 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934679000 externalId=41909 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934649000 spt=39550 src=10.180.10.102 start=1645934649000 suser=No Authentication Required +<13>Mar 03 21:24:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:129:15|STREAM5_BAD_RST|6|act=Blocked app=Unknown cat=Attempted Denial of Service cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=15 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.201.120.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187701 proto=TCP requestClientApplication=Unknown rt=1645934678000 spt=64335 src=172.16.133.39 start=1645934678000 suser=No Authentication Required +<13>Mar 04 17:15:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 
dst=74.6.143.25 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934679000 externalId=41909 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934649000 spt=39550 src=10.180.10.102 start=1645934649000 suser=No Authentication Required +<13>Mar 04 17:15:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:129:15|STREAM5_BAD_RST|6|act=Blocked app=Unknown cat=Attempted Denial of Service cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=15 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.201.120.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187701 proto=TCP requestClientApplication=Unknown rt=1645934678000 spt=64335 src=172.16.133.39 start=1645934678000 suser=No Authentication Required +<13>Mar 04 20:49:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.6.143.25 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934679000 externalId=41909 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934649000 spt=39550 src=10.180.10.102 start=1645934649000 suser=No Authentication Required +<13>Mar 04 20:49:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:129:15|STREAM5_BAD_RST|6|act=Blocked app=Unknown cat=Attempted Denial of Service cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=15 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.201.120.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187701 proto=TCP requestClientApplication=Unknown rt=1645934678000 spt=64335 src=172.16.133.39 start=1645934678000 suser=No Authentication Required +<13>Mar 04 20:49:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1=O PVq\\P cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=187701 rt=1645934678000 start=1645934678000 +<13>Mar 04 20:49:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41957 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934680000 spt=43555 src=79.119.181.153 start=1645934680000 suser=No Authentication Required +<13>Mar 04 20:49:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=43555 dst=79.119.181.153 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37289 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934680000 spt=59370 src=10.1.150.100 start=1645934680000 suser=No Authentication 
Required +<13>Mar 04 20:49:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-ns bytesOut=110 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=137 dst=192.168.0.255 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37290 proto=17 reason=N/A requestClientApplication=NetBIOS-ns rt=1645934680000 spt=137 src=10.1.33.98 start=1645934680000 suser=No Authentication Required +<13>Mar 04 20:49:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-ns bytesOut=110 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=137 dst=192.168.0.255 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934680000 externalId=37290 proto=17 reason=N/A requestClientApplication=NetBIOS-ns rt=1645934680000 spt=137 src=10.1.33.98 start=1645934680000 suser=No Authentication Required +<13>Mar 04 20:49:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2541 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.211.202 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934682000 externalId=41093 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934080000 spt=53213 
src=10.1.99.54 start=1645934080000 suser=No Authentication Required +<13>Mar 04 20:49:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.116.142 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41958 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934681000 spt=49413 src=10.1.177.233 start=1645934681000 suser=No Authentication Required +<13>Mar 04 20:49:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.43.61 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41960 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934683000 spt=54415 src=10.1.230.183 start=1645934683000 suser=No Authentication Required +<13>Mar 04 20:49:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=34.196.45.154 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37295 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934682000 spt=35150 src=172.16.1.141 start=1645934682000 suser=No Authentication Required +<13>Mar 04 20:49:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=HTTPS bytesIn=66 bytesOut=566 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.43.61 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934683000 externalId=41960 proto=6 reason=Intrusion Block request=https://chatenabled.mail.google.com requestClientApplication=SSL client rt=1645934683000 spt=54415 src=10.1.230.183 start=1645934683000 suser=No Authentication Required +<13>Mar 04 20:49:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:37915|POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt|8|act=Blocked app=HTTPS cat=Misc Activity cn1Label=vlan cn2=4 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=37915 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=54415 dst=10.1.230.183 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=121994 proto=TCP requestClientApplication=SSL client rt=1645934683000 spt=443 src=173.194.43.61 start=1645934683000 suser=No Authentication Required +<13>Mar 04 20:49:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1="  P  Q MQ-1ywsKe:RBP(C* NjlBT7=C,#Mj \\QK     $ =);;C\]Y%Sb7e3@~ ." 
cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=121994 rt=1645934683000 start=1645934683000 +<13>Mar 04 20:49:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=3279 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=58.28.155.111 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934684000 externalId=36195 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934684000 spt=49540 src=192.168.22.94 start=1645934684000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=58.28.155.111 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37296 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934684000 spt=49539 src=192.168.22.94 start=1645934684000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=162.248.241.94 dvchost=CSTA-vFTD-Production dvcpid=3 
externalId=37297 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934684000 spt=123 src=10.180.10.102 start=1645934684000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=180 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=162.248.241.94 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931155000 externalId=32676 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931113000 spt=123 src=10.180.10.102 start=1645931113000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.6.231.21 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934684000 externalId=36138 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934654000 spt=38282 src=10.180.10.102 start=1645934654000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=63 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=58.28.155.111 
dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934684000 externalId=37296 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934684000 spt=49539 src=192.168.22.94 start=1645934684000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.211.194 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37298 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934685000 spt=51163 src=10.1.17.134 start=1645934685000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.211.194 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41962 proto=17 reason=N/A request=https://www.googleadservices.com requestClientApplication=QUIC client rt=1645934685000 spt=56437 src=10.1.17.134 start=1645934685000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=208.81.233.48 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934685000 externalId=36490 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934083000 spt=50104 src=10.1.15.208 start=1645934083000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.211.194 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934685000 externalId=41962 proto=17 reason=N/A request=https://www.googleadservices.com requestClientApplication=QUIC client rt=1645934685000 spt=56437 src=10.1.17.134 start=1645934685000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1392 bytesOut=307 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.211.194 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934685000 externalId=36197 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934685000 spt=57715 src=10.1.17.134 start=1645934685000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=57715 dst=10.1.17.134 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36198 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934685000 spt=443 src=216.58.211.194 start=1645934685000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.211.194 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36196 proto=17 reason=N/A request=https://www.googleadservices.com requestClientApplication=QUIC client rt=1645934685000 spt=57715 src=10.1.17.134 start=1645934685000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.211.194 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36199 proto=17 reason=N/A request=https://www.googleadservices.com requestClientApplication=QUIC client rt=1645934685000 spt=59775 src=10.1.17.134 start=1645934685000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.211.194 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934685000 externalId=36199 proto=17 reason=N/A request=https://www.googleadservices.com requestClientApplication=QUIC client rt=1645934685000 spt=59775 src=10.1.17.134 start=1645934685000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=83 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59775 dst=10.1.17.134 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36201 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934685000 spt=443 src=216.58.211.194 start=1645934685000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.211.194 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36202 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934685000 spt=51164 src=10.1.17.134 start=1645934685000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=570 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.88.134.12 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934686000 externalId=41101 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934084000 spt=49302 src=192.168.137.113 start=1645934084000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.204.50.20 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36204 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934687000 spt=49221 src=192.168.1.96 start=1645934687000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.73.225.104 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37301 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934687000 spt=56239 src=10.1.223.58 start=1645934687000 suser=No 
Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=240 bytesOut=174 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.73.225.104 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934687000 externalId=37302 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934687000 spt=56242 src=10.1.223.58 start=1645934687000 suser=No Authentication Required +<13>Mar 04 20:49:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.73.225.104 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41965 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934687000 spt=56241 src=10.1.223.58 start=1645934687000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.73.225.104 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41964 proto=6 reason=N/A requestClientApplication=Unknown 
rt=1645934687000 spt=56238 src=10.1.223.58 start=1645934687000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.73.225.104 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37302 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934687000 spt=56242 src=10.1.223.58 start=1645934687000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.73.225.104 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36205 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934687000 spt=56237 src=10.1.223.58 start=1645934687000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.73.225.104 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36206 proto=6 
reason=N/A requestClientApplication=Unknown rt=1645934687000 spt=56240 src=10.1.223.58 start=1645934687000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=240 bytesOut=174 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.73.225.104 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934687000 externalId=41965 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934687000 spt=56241 src=10.1.223.58 start=1645934687000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=240 bytesOut=174 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.73.225.104 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934687000 externalId=37301 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934687000 spt=56239 src=10.1.223.58 start=1645934687000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=240 bytesOut=174 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 
dst=184.73.225.104 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934687000 externalId=36206 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934687000 spt=56240 src=10.1.223.58 start=1645934687000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=240 bytesOut=174 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.73.225.104 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934687000 externalId=41964 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934687000 spt=56238 src=10.1.223.58 start=1645934687000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=4164 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.193.83.57 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934687000 externalId=36455 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934068000 spt=55872 src=172.16.1.141 start=1645934068000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=167 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1853 dst=68.64.21.45 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934689000 externalId=37305 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934689000 spt=51444 src=172.16.133.47 start=1645934689000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=98.137.156.136 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41968 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934689000 spt=49208 src=10.1.180.226 start=1645934689000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=167 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1853 dst=68.64.21.45 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37305 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934689000 spt=51444 src=172.16.133.47 start=1645934689000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=98.137.156.136 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36207 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934689000 spt=49207 src=10.1.180.226 start=1645934689000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=334 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51444 dst=172.16.133.47 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934689000 externalId=41969 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934689000 spt=1853 src=10.1.168.131 start=1645934689000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=167 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51444 dst=172.16.133.47 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41969 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934689000 spt=1853 src=10.1.168.131 start=1645934689000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.6.143.26 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934689000 externalId=41912 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934659000 spt=57448 src=10.180.10.102 start=1645934659000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645932701000 externalId=39926 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645932701000 spt=49152 src=89.133.43.160 start=1645932701000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41972 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934690000 spt=49152 src=89.133.43.160 start=1645934690000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=512 bytesOut=765 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.73.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934690000 externalId=41121 proto=6 reason=N/A request="http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Ffacebook.com%2Fdisclosetv&width=245&colorscheme=light&show_faces=true&border_color=white&connections=11&stream=false&header=false&height=270" requestClientApplication=Internet Explorer rt=1645934087000 spt=62695 src=10.1.181.118 start=1645934087000 suser=No Authentication Required +<13>Mar 04 20:49:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=49152 dst=89.133.43.160 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37308 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934690000 spt=59370 src=10.1.120.187 start=1645934690000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.79.251 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36211 proto=6 
reason=N/A requestClientApplication=Unknown rt=1645934691000 spt=47361 src=172.16.181.133 start=1645934691000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.79.251 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36210 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934691000 spt=47360 src=172.16.181.133 start=1645934691000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=162 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=203.255.234.103 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41973 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934691000 spt=32789 src=10.1.188.132 start=1645934691000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.79.251 dvchost=CSTA-vFTD-Production 
dvcpid=3 externalId=37309 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934691000 spt=47362 src=172.16.181.133 start=1645934691000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=132 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40025 dst=64.4.23.149 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36212 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934692000 spt=34862 src=10.1.115.208 start=1645934692000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41974 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934692000 spt=40025 src=64.4.23.149 start=1645934692000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=138 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40028 dst=64.4.23.149 
dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36213 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934692000 spt=34862 src=10.1.115.208 start=1645934692000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41975 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934692000 spt=40028 src=64.4.23.149 start=1645934692000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=132 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=465 dst=104.200.146.166 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37310 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934693000 spt=49381 src=172.17.1.129 start=1645934693000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=139 
dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934694000 externalId=36139 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5900 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934694000 externalId=37237 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.17.245.154 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41978 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934693000 spt=54908 src=10.1.212.166 start=1645934693000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.17.245.154 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41980 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934694000 spt=54932 src=10.1.212.166 start=1645934694000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1723 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934694000 externalId=36140 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=3306 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934694000 externalId=37238 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=199 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934694000 externalId=37236 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=256 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934694000 externalId=36141 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.17.245.154 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41982 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934694000 spt=54934 src=10.1.212.166 start=1645934694000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=3306 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934694000 externalId=37239 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41202 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.17.245.154 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41981 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934694000 spt=54933 src=10.1.212.166 start=1645934694000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934694000 externalId=36142 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41202 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone 
cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=256 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934694000 externalId=36143 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41202 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=143 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934694000 externalId=37241 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1025 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934694000 externalId=36144 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41202 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule 
cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934694000 externalId=41918 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.94.107.46 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934694000 externalId=36515 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934092000 spt=60888 src=172.16.133.29 start=1645934092000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5900 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934694000 externalId=37240 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41202 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy 
cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=139 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934694000 externalId=36146 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41202 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=22 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934694000 externalId=41915 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8888 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934694000 externalId=41919 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41202 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1723 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934694000 externalId=36145 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41202 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=445 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934694000 externalId=37245 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=111 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934694000 externalId=37242 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=199 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934694000 externalId=41921 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41202 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=110 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934694000 externalId=36148 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=659 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=109.239.110.104 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934694000 externalId=41137 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934091000 spt=49654 src=192.168.137.85 start=1645934091000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=113 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934694000 externalId=41922 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.17.245.154 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934694000 externalId=41980 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934694000 spt=54932 src=10.1.212.166 start=1645934694000 suser=No Authentication Required +<13>Mar 04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=587 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934694000 externalId=41923 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 
04 20:49:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1025 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934694000 externalId=41916 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8888 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934694000 externalId=41917 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.94.107.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934694000 externalId=35411 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934092000 spt=60890 src=172.16.133.29 start=1645934092000 suser=No 
Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=135 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934694000 externalId=37243 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=995 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934694000 externalId=37244 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=22 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934694000 externalId=41920 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41202 src=192.168.0.110 
start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1720 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934694000 externalId=36147 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=587 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934694000 externalId=36149 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 spt=41202 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=554 dst=192.168.0.2 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934694000 externalId=41924 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934664000 
spt=41201 src=192.168.0.110 start=1645934664000 suser=No Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.94.107.46 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934694000 externalId=41140 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934092000 spt=61144 src=172.16.133.29 start=1645934092000 suser=No Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=4.78.226.233 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934695000 externalId=37246 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934665000 spt=49443 src=172.16.2.169 start=1645934665000 suser=No Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1288 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=48754 dst=108.58.117.78 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934696000 externalId=41986 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934696000 spt=49196 src=10.1.179.18 start=1645934696000 suser=No Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.212.130 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934697000 externalId=41926 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934667000 spt=49191 src=10.1.115.106 start=1645934667000 suser=No Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51234 dst=5.53.16.61 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41988 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934697000 spt=59370 src=10.0.0.46 start=1645934697000 suser=No Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.212.130 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934697000 
externalId=41925 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934667000 spt=49190 src=10.1.115.106 start=1645934667000 suser=No Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=308 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36220 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934697000 spt=51234 src=10.1.3.101 start=1645934697000 suser=No Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=DNS bytesIn=88 bytesOut=72 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=d.adroll.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934698000 externalId=37316 proto=17 reason=Intrusion Block requestClientApplication=DNS rt=1645934698000 spt=59886 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=DNS bytesIn=94 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=JSRVR29.jaalam.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934698000 externalId=41992 proto=17 reason=Intrusion Block requestClientApplication=DNS rt=1645934698000 spt=55947 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=DNS bytesIn=204 bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=secure.adnxs.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934698000 externalId=41998 proto=17 reason=Intrusion Block requestClientApplication=DNS rt=1645934698000 spt=52375 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=r9---sn-ab5e6nls.c.youtube.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37313 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=59625 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=docs.google.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37314 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=57858 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=JSRVR29.jaalam.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41992 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=55947 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=91 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=r10---sn-nwj7kne6.c.youtube.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41993 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=65527 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown bytesOut=88 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=r13---lga15s23.c.youtube.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41991 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=64688 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=83 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=amch.questionmarket.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41994 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=52918 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=sb.voicefive.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36224 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=59934 src=10.1.27.182 
start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=79 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=mpsnare.iesnare.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37318 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=49939 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=ad.doubleclick.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36225 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=51254 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=72 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=d.adroll.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production 
dvcpid=3 externalId=37316 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=59886 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=89 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=d1u2uhea8ugy8e.cloudfront.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41997 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=55445 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=84 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=4.umps2c2.salesforce.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37319 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=51874 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=72 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=s.adroll.com deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37317 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=60386 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=77 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=gdata.youtube.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36229 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=65461 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=88 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=r13---sjc07s14.c.youtube.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41996 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=51698 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=85 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=adclick.g.doubleclick.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41995 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=54167 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=72 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=d.adroll.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37321 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=59133 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=85 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.googletagservices.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36228 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=62693 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown bytesOut=84 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.youtube-nocookie.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36227 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=49614 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1058 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=207.97.236.81 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934698000 externalId=41927 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934668000 spt=51179 src=10.1.249.138 start=1645934668000 suser=No Authentication Required +<13>Mar 04 20:49:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=73 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.odesk.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37320 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=58406 src=10.1.27.182 start=1645934698000 suser=No 
Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=97 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=odesk-prod-portraits.s3.amazonaws.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41999 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=61757 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=ar.voicefive.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36222 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=55986 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=73 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.odesk.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=1 
externalId=36231 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=50813 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=217 bytesOut=89 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=d1u2uhea8ugy8e.cloudfront.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934698000 externalId=41997 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=55445 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=73 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=s.youtube.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36223 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=63498 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=204 bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=secure.adnxs.com deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934698000 externalId=37322 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=56280 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=secure.adnxs.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37322 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=56280 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=91 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=r11---sn-nwj7knez.c.youtube.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37315 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=54510 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=84 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.google-analytics.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36226 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=56549 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=95 bytesOut=79 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=mpsnare.iesnare.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934698000 externalId=37318 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=49939 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=secure.adnxs.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=41998 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=52375 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=s2.youtube.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36230 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=58916 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=88 bytesOut=72 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=d.adroll.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934698000 externalId=37321 proto=17 reason=N/A requestClientApplication=DNS rt=1645934698000 spt=59133 src=10.1.27.182 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=ICMP bytesOut=42 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dst=74.217.1.83 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934699000 externalId=36233 proto=1 reason=Intrusion Block requestClientApplication=ICMP client 
rt=1645934699000 spt=8 src=172.16.133.132 start=1645934699000 suser=No Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=78 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.217.1.83 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42000 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934699000 spt=49877 src=172.16.133.132 start=1645934699000 suser=No Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=ICMP bytesOut=42 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dst=74.217.1.83 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36233 proto=1 reason=N/A requestClientApplication=ICMP client rt=1645934699000 spt=8 src=172.16.133.132 start=1645934699000 suser=No Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=13.107.42.11 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934699000 externalId=36150 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934669000 spt=49471 src=172.16.104.115 start=1645934669000 suser=No Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=78 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.217.1.83 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36232 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934698000 spt=49875 src=172.16.133.132 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2100 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.23.95.58 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934699000 externalId=35423 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934096000 spt=51166 src=10.1.45.249 start=1645934096000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=913 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=38.93.140.48 dvchost=CSTA-vFTD-Production dvcpid=1 
end=1645934699000 externalId=35425 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934097000 spt=49482 src=172.16.3.122 start=1645934097000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:116:434|DECODE_ICMP_PING_NMAP|6|act=Blocked app=ICMP cat=Attempted Information Leak cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=434 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dst=74.217.1.83 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56246 proto=ICMP requestClientApplication=ICMP client rt=1645934699000 spt=8 src=172.16.133.132 start=1645934699000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:15934|PROTOCOL-DNS dns response for rfc1918 172.16/12 address detected|7|act=Blocked app=DNS cat=Misc Activity cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=15934 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=55947 dst=10.1.27.182 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=121995 proto=UDP requestClientApplication=DNS rt=1645934698000 spt=53 src=172.16.128.202 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:254|PROTOCOL-DNS SPOOF query response with TTL of 1 min. 
and no authority|4|act=Blocked app=DNS cat=Attempted Denial of Service cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=254 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=52375 dst=10.1.27.182 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=121996 proto=UDP requestClientApplication=DNS rt=1645934698000 spt=53 src=172.16.128.202 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:254|PROTOCOL-DNS SPOOF query response with TTL of 1 min. and no authority|4|act=Blocked app=DNS cat=Attempted Denial of Service cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=254 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59886 dst=10.1.27.182 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187702 proto=UDP requestClientApplication=DNS rt=1645934698000 spt=53 src=172.16.128.202 start=1645934698000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= l/  cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=56246 rt=1645934699000 start=1645934699000 +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= 5 Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= 5 mU   secureadnxscom      @u    @s    DC    @    DC    @v    @    @ cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=121996 
rt=1645934698000 start=1645934698000 +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= 5 64\\   dadrollcom      T cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=187702 rt=1645934698000 start=1645934698000 +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2920 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.0.49.244 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934700000 externalId=41151 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934098000 spt=62388 src=172.16.133.20 start=1645934098000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.0.49.244 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934700000 externalId=35426 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934098000 spt=62370 src=172.16.133.20 start=1645934098000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=HTTPS bytesIn=66 bytesOut=367 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.226.2 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934701000 externalId=42004 proto=6 reason=Intrusion Block request=https://plusone.google.com requestClientApplication=SSL client rt=1645934701000 spt=60651 src=10.1.177.142 start=1645934701000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:37915|POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt|8|act=Blocked app=HTTPS cat=Misc Activity cn1Label=vlan cn2=4 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=37915 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=60651 dst=10.1.177.142 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=121997 proto=TCP requestClientApplication=SSL client rt=1645934701000 spt=443 src=74.125.226.2 start=1645934701000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=70 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=69.31.117.22 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37324 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934701000 spt=53398 src=10.1.71.157 start=1645934701000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
bytesIn=70 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=69.31.117.22 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36234 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934701000 spt=53397 src=10.1.71.157 start=1645934701000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=70 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=69.31.117.22 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37325 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934701000 spt=53404 src=10.1.71.157 start=1645934701000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=136 bytesOut=342 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=69.31.117.22 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934701000 externalId=42003 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934701000 spt=53405 src=10.1.71.157 start=1645934701000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=70 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1935 dst=69.31.117.22 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42002 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934701000 spt=53402 src=10.1.71.157 start=1645934701000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=ESPN bytesIn=3729 bytesOut=4613 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1935 dst=69.31.117.22 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934701000 externalId=42002 proto=6 reason=N/A requestClientApplication=ESPN client rt=1645934701000 spt=53402 src=10.1.71.157 start=1645934701000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=394 bytesOut=564 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=69.31.117.22 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934701000 externalId=36234 proto=6 reason=N/A requestClientApplication=Web browser rt=1645934701000 spt=53397 src=10.1.71.157 
start=1645934701000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=70 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=69.31.117.22 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42003 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934701000 spt=53405 src=10.1.71.157 start=1645934701000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.226.2 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42004 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934701000 spt=60651 src=10.1.177.142 start=1645934701000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=610 bytesOut=1061 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=69.31.117.22 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934701000 externalId=37324 proto=6 reason=N/A 
requestClientApplication=Web browser rt=1645934701000 spt=53398 src=10.1.71.157 start=1645934701000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=3531 bytesOut=2178 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=69.31.117.22 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934701000 externalId=37325 proto=6 reason=N/A requestClientApplication=Web browser rt=1645934701000 spt=53404 src=10.1.71.157 start=1645934701000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1=  P  ` \\Q-1(o.^p~o_*p;Y22    # 3t spdy/3spdy/2http/1.1uO cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=121997 rt=1645934701000 start=1645934701000 +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934702000 externalId=37253 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49331 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934702000 externalId=41933 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49289 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:49:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934702000 externalId=36152 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49187 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934702000 externalId=36159 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49300 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy 
cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934702000 externalId=41935 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49299 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934703000 externalId=36165 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49660 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934703000 externalId=41939 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49657 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934703000 externalId=37260 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49664 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934703000 externalId=36167 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49662 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934703000 externalId=41945 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49675 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934703000 externalId=41944 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49672 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934703000 externalId=37256 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49503 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934703000 externalId=41941 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49666 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934703000 externalId=37258 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49564 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934703000 externalId=36172 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49671 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934703000 externalId=41943 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49670 src=10.1.134.107 start=1645934673000 suser=No Authentication Required 
+<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934704000 externalId=36177 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49683 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934704000 externalId=36180 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49797 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934704000 externalId=36179 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49795 src=10.1.134.107 start=1645934674000 
suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934704000 externalId=37276 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49814 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=68.64.24.250 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934704000 externalId=36188 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=53866 src=172.16.133.116 start=1645934674000 suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=68.64.24.250 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934704000 externalId=36189 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=53886 
src=172.16.133.116 start=1645934674000 suser=No Authentication Required +<13>Mar 04 20:49:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934704000 externalId=37268 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49802 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934704000 externalId=37273 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49812 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934704000 externalId=37266 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934674000 spt=49799 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934704000 externalId=37269 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49806 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.155.4.180 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934705000 externalId=37277 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934675000 spt=49249 src=10.1.57.146 start=1645934675000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.234.89.21 dvchost=CSTA-vFTD-Production dvcpid=3 
externalId=37327 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934705000 spt=53381 src=172.16.133.96 start=1645934705000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.63.65.234 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934705000 externalId=36190 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934675000 spt=54716 src=10.1.8.31 start=1645934675000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=172.217.1.10 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37328 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934705000 spt=49392 src=10.1.149.129 start=1645934705000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.1.10 
dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37329 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934705000 spt=49428 src=10.1.149.129 start=1645934705000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=312 bytesOut=881 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.234.89.21 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934705000 externalId=37327 proto=6 reason=N/A request=http://feeds.boston.com/boston/mostpopular requestClientApplication=Apple PubSub rt=1645934705000 spt=53381 src=172.16.133.96 start=1645934705000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.63.65.234 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934705000 externalId=37278 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934675000 spt=54717 src=10.1.8.31 start=1645934675000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.159.4.204 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934706000 externalId=36191 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934676000 spt=52079 src=10.1.64.185 start=1645934676000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=172.217.1.10 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37330 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934706000 spt=49477 src=10.1.149.129 start=1645934706000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.159.4.204 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934706000 externalId=41950 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934676000 spt=52078 src=10.1.64.185 start=1645934676000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=44028 dst=89.176.77.175 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934706000 externalId=41169 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934103000 spt=49474 src=10.1.125.133 start=1645934103000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.219.126 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42007 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934706000 spt=54172 src=10.1.163.123 start=1645934706000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.219.126 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37334 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934706000 spt=54166 src=10.1.163.123 start=1645934706000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=112 bytesOut=228 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone 
cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.219.126 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934706000 externalId=42007 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934706000 spt=54172 src=10.1.163.123 start=1645934706000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.219.126 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37331 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934706000 spt=54148 src=10.1.163.123 start=1645934706000 suser=No Authentication Required +<13>Mar 04 20:49:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.219.126 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37333 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934706000 spt=54160 src=10.1.163.123 start=1645934706000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=112 bytesOut=228 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.219.126 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934706000 externalId=37331 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934706000 spt=54148 src=10.1.163.123 start=1645934706000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=112 bytesOut=228 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.219.126 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934706000 externalId=37334 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934706000 spt=54166 src=10.1.163.123 start=1645934706000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=112 bytesOut=228 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.219.126 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934706000 externalId=37333 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934706000 spt=54160 src=10.1.163.123 start=1645934706000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42008 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934707000 spt=1054 src=79.121.4.134 start=1645934707000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=204.246.169.222 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934707000 externalId=37285 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934677000 spt=56638 src=10.1.188.62 start=1645934677000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=204.246.169.222 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934707000 externalId=41954 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934677000 spt=56641 src=10.1.188.62 start=1645934677000 suser=No Authentication Required 
+<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=204.246.169.222 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934707000 externalId=36192 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934677000 spt=56635 src=10.1.188.62 start=1645934677000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.73.157.0 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934707000 externalId=35459 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934104000 spt=62552 src=10.1.164.9 start=1645934104000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.8 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934707000 externalId=36238 proto=17 reason=N/A request=https://accounts.youtube.com requestClientApplication=QUIC client rt=1645934707000 
spt=51022 src=10.1.72.242 start=1645934707000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=204.246.169.222 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934707000 externalId=37284 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934677000 spt=56634 src=10.1.188.62 start=1645934677000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.8 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36238 proto=17 reason=N/A request=https://accounts.youtube.com requestClientApplication=QUIC client rt=1645934707000 spt=51022 src=10.1.72.242 start=1645934707000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1054 dst=79.121.4.134 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36237 proto=17 
reason=N/A requestClientApplication=BitTorrent rt=1645934707000 spt=59370 src=10.1.139.50 start=1645934707000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=204.246.169.222 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934707000 externalId=37283 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934677000 spt=56633 src=10.1.188.62 start=1645934677000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=51022 dst=10.1.72.242 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36239 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934707000 spt=443 src=173.194.122.8 start=1645934707000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=5840 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.201.120.8 dvchost=CSTA-vFTD-Production dvcpid=3 
end=1645934708000 externalId=37286 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934678000 spt=64334 src=172.16.133.39 start=1645934678000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=63.116.244.139 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36240 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934708000 spt=33515 src=172.16.133.132 start=1645934708000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.125.226.26 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37335 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934708000 spt=52698 src=172.16.133.41 start=1645934708000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
dpt=80 dst=74.125.226.26 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37336 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934708000 spt=52903 src=172.16.133.41 start=1645934708000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.45.65.25 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934709000 externalId=41956 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934679000 spt=54118 src=172.16.133.66 start=1645934679000 suser=No Authentication Required +<13>Mar 04 20:49:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1388 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.112.24 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934709000 externalId=41955 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934679000 spt=49251 src=192.168.204.137 start=1645934679000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=187 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.77.214.109 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934709000 externalId=36561 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934106000 spt=57456 src=10.1.51.79 start=1645934106000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=107 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=36452 dst=201.92.182.173 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36242 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934709000 spt=59370 src=10.1.214.252 start=1645934709000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=107 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=36452 dst=201.92.182.173 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934709000 externalId=36242 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934709000 spt=59370 src=10.1.214.252 start=1645934709000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-ns bytesOut=92 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=137 dst=192.168.0.255 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37339 proto=17 reason=N/A requestClientApplication=NetBIOS-ns rt=1645934710000 spt=137 src=10.1.16.116 start=1645934710000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.28 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37340 proto=17 reason=N/A request=https://ad.doubleclick.net requestClientApplication=QUIC client rt=1645934711000 spt=49916 src=10.1.2.84 start=1645934711000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=67.203.19.35 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934711000 externalId=36194 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934681000 spt=57973 src=172.16.133.132 start=1645934681000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=67.203.19.35 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934711000 externalId=37292 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934681000 spt=57967 src=172.16.133.132 start=1645934681000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesIn=1392 bytesOut=2784 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.28 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934711000 externalId=37340 proto=17 reason=N/A request=https://ad.doubleclick.net requestClientApplication=QUIC client rt=1645934711000 spt=49916 src=10.1.2.84 start=1645934711000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesIn=2784 bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.28 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934711000 externalId=42009 proto=17 reason=N/A request=https://s0.2mdn.net requestClientApplication=QUIC client rt=1645934711000 spt=62753 src=10.1.2.84 start=1645934711000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.28 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42009 proto=17 reason=N/A request=https://s0.2mdn.net requestClientApplication=QUIC client rt=1645934711000 spt=62753 src=10.1.2.84 start=1645934711000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=63.217.21.24 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934711000 externalId=37820 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931590000 spt=49212 src=172.16.45.52 start=1645931590000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.28 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36244 proto=17 reason=N/A request=https://ad.doubleclick.net requestClientApplication=QUIC client rt=1645934711000 spt=53644 src=10.1.2.84 start=1645934711000 suser=No Authentication Required 
+<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=85.116.37.143 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934711000 externalId=35471 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934109000 spt=52543 src=10.1.245.3 start=1645934109000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=49916 dst=10.1.2.84 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37341 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934711000 spt=443 src=173.194.122.28 start=1645934711000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesIn=1392 bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.28 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934711000 externalId=36244 proto=17 reason=N/A request=https://ad.doubleclick.net requestClientApplication=QUIC client 
rt=1645934711000 spt=53644 src=10.1.2.84 start=1645934711000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.28 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37342 proto=17 reason=N/A request=https://ad.doubleclick.net requestClientApplication=QUIC client rt=1645934711000 spt=64348 src=10.1.2.84 start=1645934711000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesIn=4176 bytesOut=4176 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.28 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934711000 externalId=37342 proto=17 reason=N/A request=https://ad.doubleclick.net requestClientApplication=QUIC client rt=1645934711000 spt=64348 src=10.1.2.84 start=1645934711000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2099 bytesOut=116 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 
dst=173.194.122.28 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36245 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934711000 spt=51683 src=10.1.2.84 start=1645934711000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.28 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37344 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934711000 spt=52483 src=10.1.2.84 start=1645934711000 suser=No Authentication Required +<13>Mar 04 20:49:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.116.142 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934711000 externalId=41958 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934681000 spt=49413 src=10.1.177.233 start=1645934681000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53644 dst=10.1.2.84 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36247 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934711000 spt=443 src=173.194.122.28 start=1645934711000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=71 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=64348 dst=10.1.2.84 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37343 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934711000 spt=443 src=173.194.122.28 start=1645934711000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.116.142 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934711000 externalId=37293 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934681000 spt=49412 src=10.1.177.233 start=1645934681000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2420 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=69.147.86.184 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934712000 externalId=41959 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934682000 spt=53564 src=172.16.133.96 start=1645934682000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=62753 dst=10.1.2.84 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42011 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934712000 spt=443 src=173.194.122.28 start=1645934712000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=34.196.45.154 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934713000 externalId=37295 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934682000 spt=35150 src=172.16.1.141 start=1645934682000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=34.196.45.154 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934713000 externalId=37294 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934682000 spt=35148 src=172.16.1.141 start=1645934682000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=58.28.155.111 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934714000 externalId=41961 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934684000 spt=49829 src=192.168.22.94 start=1645934684000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.73.181.163 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934716000 externalId=37299 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934686000 spt=63178 src=10.1.188.166 start=1645934686000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.73.181.163 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934716000 externalId=37300 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934686000 spt=63179 src=10.1.188.166 start=1645934686000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=90.145.140.8 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934716000 externalId=36203 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934686000 spt=51647 src=172.16.8.38 start=1645934686000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=35.190.155.102 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934718000 externalId=41966 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934688000 spt=49344 src=192.168.1.14 start=1645934688000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=37.187.122.11 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42012 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934718000 spt=123 src=10.180.10.102 start=1645934718000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=35.190.155.102 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934718000 externalId=41967 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934688000 spt=49345 src=192.168.1.14 start=1645934688000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=5843 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.225.210.122 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934720000 externalId=36208 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934690000 spt=50314 src=10.1.40.159 start=1645934690000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.225.210.122 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934720000 externalId=37307 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934690000 spt=50315 src=10.1.40.159 start=1645934690000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2955 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.225.210.122 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934720000 externalId=41971 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934690000 spt=50313 src=10.1.40.159 start=1645934690000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=38.229.58.9 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645932916000 externalId=35656 proto=17 reason=N/A requestClientApplication=NTP client rt=1645932916000 spt=123 src=10.180.10.102 start=1645932916000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=38.229.58.9 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37345 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934721000 spt=123 src=10.180.10.102 start=1645934721000 suser=No Authentication Required +<13>Mar 04 20:49:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.79.251 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934721000 externalId=36209 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934691000 spt=47359 src=172.16.181.133 start=1645934691000 suser=No Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=192.124.249.12 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934723000 externalId=41977 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934692000 spt=49718 src=192.168.1.96 start=1645934692000 suser=No Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow 
app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=192.124.249.12 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934723000 externalId=36215 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934692000 spt=49858 src=192.168.1.96 start=1645934692000 suser=No Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=192.124.249.12 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934723000 externalId=36216 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934692000 spt=49946 src=192.168.1.96 start=1645934692000 suser=No Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2318 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.17.245.154 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934724000 externalId=41979 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934693000 spt=54909 src=10.1.212.166 start=1645934693000 suser=No Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=60965 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37346 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934724000 spt=443 src=74.125.227.216 start=1645934724000 suser=No Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=646 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.17.245.154 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934724000 externalId=36217 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934694000 spt=54935 src=10.1.212.166 start=1645934694000 suser=No Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1184 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.17.245.154 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934724000 externalId=41983 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934694000 spt=54936 src=10.1.212.166 start=1645934694000 suser=No 
Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.17.245.154 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934724000 externalId=36218 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934694000 spt=54937 src=10.1.212.166 start=1645934694000 suser=No Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.67.33.204 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934724000 externalId=37311 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934694000 spt=34436 src=10.180.10.102 start=1645934694000 suser=No Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=192.0.80.241 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934725000 externalId=37312 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934694000 spt=59329 src=10.1.87.231 
start=1645934694000 suser=No Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=192.0.80.241 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934725000 externalId=41984 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934694000 spt=59330 src=10.1.87.231 start=1645934694000 suser=No Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.227.216 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36250 proto=17 reason=N/A request=https://csi.gstatic.com requestClientApplication=QUIC client rt=1645934724000 spt=60965 src=10.1.248.118 start=1645934724000 suser=No Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.74.52 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934725000 externalId=36219 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934695000 spt=49200 src=192.168.137.56 start=1645934695000 suser=No Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.74.52 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934725000 externalId=41985 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934695000 spt=49198 src=192.168.137.56 start=1645934695000 suser=No Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.225.180.4 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42014 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934725000 spt=60352 src=10.1.171.81 start=1645934725000 suser=No Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.225.180.4 dvchost=CSTA-vFTD-Production dvcpid=1 
externalId=36251 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934725000 spt=60353 src=10.1.171.81 start=1645934725000 suser=No Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37348 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934726000 spt=24900 src=50.45.129.235 start=1645934726000 suser=No Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645933458000 externalId=36080 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645933458000 spt=24900 src=50.45.129.235 start=1645933458000 suser=No Authentication Required +<13>Mar 04 20:49:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=24900 
dst=50.45.129.235 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37347 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934726000 spt=59370 src=10.1.59.77 start=1645934726000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=564 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=51.255.48.78 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934727000 externalId=41990 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934697000 spt=55976 src=10.1.236.194 start=1645934697000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=51.255.48.78 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934727000 externalId=41989 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934697000 spt=63895 src=10.1.236.194 start=1645934697000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=38.229.52.9 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645933112000 externalId=34618 proto=17 reason=N/A requestClientApplication=NTP client rt=1645933112000 spt=123 src=10.180.10.102 start=1645933112000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=51.255.48.78 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934727000 externalId=36221 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934697000 spt=57002 src=10.1.236.194 start=1645934697000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=38.229.52.9 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36252 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934727000 spt=123 src=10.180.10.102 start=1645934727000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=175.28.4.19 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42016 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934729000 spt=49903 src=192.168.1.96 start=1645934729000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.217.1.83 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934729000 externalId=37323 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934699000 spt=49890 src=172.16.133.132 start=1645934699000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.20.9.174 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934729000 externalId=42001 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934699000 spt=51954 src=10.180.10.102 start=1645934699000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=204.79.197.200 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934732000 externalId=36235 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934702000 spt=49159 src=10.1.32.135 start=1645934702000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=204.79.197.200 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934732000 externalId=42005 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934702000 spt=49158 src=10.1.32.135 start=1645934702000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=63 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37352 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934733000 spt=40034 src=111.221.77.143 start=1645934733000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=82.112.106.104 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934734000 externalId=36236 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934703000 spt=50388 src=10.1.67.80 start=1645934703000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=894 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37354 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934733000 spt=40027 src=111.221.77.143 start=1645934733000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=86 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40034 dst=111.221.77.143 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42018 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934733000 spt=34862 src=10.1.114.13 start=1645934733000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40027 dst=111.221.77.143 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37353 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934733000 spt=34862 src=10.1.114.13 start=1645934733000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.20.10.174 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934734000 externalId=37326 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934704000 spt=59060 src=10.180.10.102 start=1645934704000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2920 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=208.85.44.31 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934735000 externalId=42006 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934704000 spt=59362 src=10.1.255.204 start=1645934704000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.46.16.170 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36253 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934735000 spt=60592 src=172.16.133.132 start=1645934735000 suser=No Authentication Required +<13>Mar 04 20:49:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37358 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934737000 spt=40003 src=213.199.179.149 start=1645934737000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645932879000 externalId=35625 proto=17 reason=N/A requestClientApplication=Unknown rt=1645932879000 spt=40003 src=213.199.179.149 start=1645932879000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=485 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37360 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934737000 spt=40019 src=213.199.179.149 start=1645934737000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40003 dst=213.199.179.149 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37357 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934737000 spt=34862 src=10.1.61.143 start=1645934737000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=485 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645932879000 externalId=35626 proto=17 reason=N/A requestClientApplication=Unknown rt=1645932879000 spt=40019 src=213.199.179.149 start=1645932879000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40019 dst=213.199.179.149 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37359 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934737000 spt=34862 src=10.1.61.143 start=1645934737000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.125.226.26 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934738000 externalId=36241 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934708000 spt=52699 src=172.16.133.41 start=1645934708000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.125.226.26 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934738000 externalId=37337 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934708000 spt=52904 src=172.16.133.41 start=1645934708000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.29.98 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37361 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934738000 spt=39637 src=10.1.135.182 start=1645934738000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=172.217.29.98 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36255 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934738000 spt=54428 src=10.1.135.182 start=1645934738000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.125.226.26 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934738000 externalId=37336 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934708000 spt=52903 src=172.16.133.41 start=1645934708000 suser=No Authentication 
Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=34.196.209.79 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934739000 externalId=35507 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934137000 spt=51039 src=172.16.1.141 start=1645934137000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=998 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=69.174.248.254 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934740000 externalId=35509 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934137000 spt=60425 src=172.16.133.48 start=1645934137000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=1460 bytesOut=999 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=69.174.248.254 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934740000 externalId=36606 proto=6 reason=N/A 
request=http://allthingsd.com/wp-content/themes/atd-2.0/images/staff/ina-fried-50x50.jpg requestClientApplication=Firefox rt=1645934137000 spt=60420 src=172.16.133.48 start=1645934137000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1460 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=69.174.248.254 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934740000 externalId=41215 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934137000 spt=60421 src=172.16.133.48 start=1645934137000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.8.50.157 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934740000 externalId=37338 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934710000 spt=60549 src=10.1.88.208 start=1645934710000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=338 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=69.174.248.254 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934740000 externalId=41216 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934137000 spt=60422 src=172.16.133.48 start=1645934137000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=218.94.112.98 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934741000 externalId=36611 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934139000 spt=50566 src=10.1.89.71 start=1645934139000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.17.213.204 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934743000 externalId=36618 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934141000 spt=50170 src=10.1.178.47 start=1645934141000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=217.198.219.102 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42021 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934749000 spt=123 src=10.180.10.102 start=1645934749000 suser=No Authentication Required +<13>Mar 04 20:49:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.225.131.235 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934750000 externalId=36657 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934147000 spt=53809 src=10.1.103.180 start=1645934147000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2963 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=162.223.54.16 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934753000 externalId=36248 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934723000 spt=49642 src=172.16.3.122 start=1645934723000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=113 bytesOut=77 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory destinationDnsDomain=wpad.felk.cvut.cz deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931153000 externalId=37482 proto=17 reason=N/A requestClientApplication=DNS rt=1645931153000 spt=65123 src=10.0.2.15 start=1645931153000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=279 bytesOut=79 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=clients2.google.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931153000 externalId=37483 proto=17 reason=N/A requestClientApplication=DNS rt=1645931153000 spt=60450 src=10.0.2.15 start=1645931153000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.225.180.4 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934755000 externalId=36251 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934725000 spt=60353 src=10.1.171.81 start=1645934725000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.8.210.158 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934755000 externalId=36663 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934153000 spt=52226 src=10.1.14.231 start=1645934153000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=133 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=pipe.skype.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=64519 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931153000 externalId=37485 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931153000 spt=53 src=8.8.8.8 start=1645931153000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=116 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=199.96.57.8 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931154000 externalId=32697 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931154000 spt=54050 src=10.1.183.185 start=1645931154000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=22945 dst=184.175.46.174 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931167000 externalId=32703 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931167000 spt=59370 src=10.1.121.190 start=1645931167000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=186 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=a.config.skype.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931153000 externalId=37486 proto=17 reason=N/A requestClientApplication=DNS rt=1645931153000 spt=55008 src=10.0.2.15 start=1645931153000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=308 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931159000 externalId=31583 proto=17 reason=N/A requestClientApplication=BitTorrent 
rt=1645931159000 spt=65173 src=118.169.63.99 start=1645931159000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=2252 bytesOut=574 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=199.96.57.8 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931154000 externalId=37487 proto=6 reason=N/A request=https://cdn.syndication.twitter.com requestClientApplication=SSL client rt=1645931154000 spt=51766 src=10.1.183.185 start=1645931154000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=116 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=199.96.57.8 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931154000 externalId=37488 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931154000 spt=54049 src=10.1.183.185 start=1645931154000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=66.235.143.121 
dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934759000 externalId=42015 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934729000 spt=41507 src=172.16.133.132 start=1645934729000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=11299 dst=79.112.65.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931160000 externalId=31584 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931160000 spt=59370 src=10.1.78.31 start=1645931160000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=204.79.197.200 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934759000 externalId=41293 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934157000 spt=49158 src=10.1.163.186 start=1645934157000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931160000 externalId=31585 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931160000 spt=11299 src=79.112.65.1 start=1645931160000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=175.28.4.19 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934760000 externalId=37350 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934730000 spt=49956 src=192.168.1.96 start=1645934730000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=175.28.4.19 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934760000 externalId=37349 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934729000 spt=49834 src=192.168.1.96 start=1645934729000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=227 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=205.180.86.169 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934761000 externalId=36672 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934158000 spt=49252 src=10.1.131.164 start=1645934158000 suser=No Authentication Required +<13>Mar 04 20:49:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=205.180.86.169 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934761000 externalId=41294 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934158000 spt=49251 src=10.1.131.164 start=1645934158000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.84.228.66 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934761000 externalId=41296 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934158000 spt=49775 src=172.16.1.141 start=1645934158000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=112 bytesOut=219 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.239.211.246 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931156000 externalId=37490 proto=6 reason=N/A requestClientApplication=SSL client rt=1645931156000 spt=49254 src=10.1.6.165 start=1645931156000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=217.12.1.155 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934762000 externalId=42017 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934732000 spt=49174 src=10.1.114.101 start=1645934732000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=217.12.1.155 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934762000 externalId=37351 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934732000 spt=49173 src=10.1.114.101 start=1645934732000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=65173 dst=118.169.63.99 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931158000 externalId=37494 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931158000 spt=59370 src=10.1.49.218 start=1645931158000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.74.232.42 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931163000 externalId=37496 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931163000 spt=54594 src=10.1.237.156 start=1645931163000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.46.16.170 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934765000 externalId=37356 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934735000 spt=60594 src=172.16.133.132 start=1645934735000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=6090 
bytesOut=532 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=46.105.114.185 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931165000 externalId=31590 proto=6 reason=N/A request="http://fr-c.nsbalrtgreatd.com/upt.php?tzoffset=480&locale=en_US&seq=2054399233&nuid=BB2_2925E6B6A41742D391ABF166CF6FB8D9&lg=fr&vuid=ALT001_fr_1.0.3_3.0.730.0.63439_BBD001&opcode=BBD001&cn=fr&mark=ALT001&muid=&p=&installDate=26.7.2015%205:46:09&c=BBD001\|id346fc4105910b4c9124b00006167853e\|1000000100940001\|0\|0\|fr\|0" requestClientApplication=Internet Explorer rt=1645931165000 spt=63656 src=10.1.167.31 start=1645931165000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1514 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.46.16.170 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934765000 externalId=42019 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934735000 spt=60593 src=172.16.133.132 start=1645934735000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1889 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=64.233.166.156 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931220000 externalId=31596 proto=17 reason=N/A request=https://stats.g.doubleclick.net requestClientApplication=QUIC client rt=1645931220000 spt=64284 src=10.1.49.108 start=1645931220000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:119:261|(http_inspect) HTTP chunked message body was truncated|0|act=Would Be Blocked app=HTTP cat=A Client was Using an Unusual Port cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=261 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=N/A deviceOutboundInterface=N/A dpt=63656 dst=10.1.167.31 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56247 proto=TCP requestClientApplication=Internet Explorer rt=1645934766000 spt=80 src=46.105.114.185 start=1645931165000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=56247 rt=1645934766000 start=1645934766000 +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=185.31.19.175 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931166000 externalId=37499 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931166000 spt=54848 src=10.1.108.90 start=1645931166000 suser=No Authentication Required 
+<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.29.98 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934768000 externalId=37361 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934738000 spt=39637 src=10.1.135.182 start=1645934738000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931167000 externalId=37500 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931167000 spt=22945 src=184.175.46.174 start=1645931167000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.29.98 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934768000 externalId=42020 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934738000 spt=39631 src=10.1.135.182 
start=1645934738000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=208.82.238.146 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934770000 externalId=37362 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934740000 spt=49224 src=10.180.10.102 start=1645934740000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.209.206 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931170000 externalId=32705 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931170000 spt=49496 src=10.1.230.48 start=1645931170000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2293 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=63.241.108.124 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934771000 externalId=35595 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934169000 spt=54365 src=172.16.133.66 start=1645934169000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=715 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=18957 dst=83.41.191.124 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931172000 externalId=32709 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931172000 spt=59370 src=10.1.206.203 start=1645931172000 suser=No Authentication Required +<13>Mar 04 20:49:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1442 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=204.232.201.76 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934774000 externalId=35598 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934172000 spt=61443 src=10.1.240.247 start=1645934172000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=58 bytesOut=1614 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=62.122.9.81 
dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931173000 externalId=32710 proto=6 reason=N/A requestClientApplication=Web browser rt=1645931173000 spt=52635 src=10.1.82.240 start=1645931173000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=37.252.170.95 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931174000 externalId=37505 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931174000 spt=56711 src=10.1.65.97 start=1645931174000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=204.93.207.13 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931178000 externalId=32712 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931178000 spt=123 src=10.180.10.102 start=1645931178000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=1332 bytesOut=400 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=176.32.118.139 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931176000 externalId=37507 proto=6 reason=N/A request=https://kms.us-west-1.amazonaws.com requestClientApplication=SSL client rt=1645931176000 spt=40477 src=10.1.209.146 start=1645931176000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=129 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40005 dst=157.55.56.173 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931232000 externalId=37517 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931232000 spt=34862 src=10.1.173.249 start=1645931232000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=154 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40003 dst=157.55.130.171 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931226000 externalId=37512 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931226000 spt=34862 src=10.1.162.229 start=1645931226000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=202.173.24.200 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934780000 externalId=35608 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934178000 spt=63532 src=10.1.77.134 start=1645934178000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931232000 externalId=37518 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931232000 spt=40005 src=157.55.56.173 start=1645931232000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=202.173.24.200 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934780000 externalId=36704 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934178000 spt=63526 src=10.1.77.134 start=1645934178000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=754 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931232000 externalId=37522 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931232000 spt=40001 src=157.55.56.173 start=1645931232000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934781000 externalId=35612 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934179000 spt=62469 src=10.1.120.221 start=1645934179000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40023 dst=157.55.56.173 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931232000 externalId=37524 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931232000 spt=34862 src=10.1.173.249 start=1645931232000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=491 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=server-0.sjose.uunet.speedera.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=66.28.255.153 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36257 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934783000 spt=32789 src=192.168.100.28 start=1645934783000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=521 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=weather.whenu.speedera.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=66.28.255.153 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934141000 externalId=35521 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934141000 spt=32789 src=192.168.100.28 start=1645934141000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=88 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=q-ring.msedge.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=131.253.21.1 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36259 proto=17 reason=N/A requestClientApplication=DNS rt=1645934784000 spt=60995 src=10.1.117.236 
start=1645934784000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=88 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=k-ring.msedge.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=131.253.21.1 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36258 proto=17 reason=N/A requestClientApplication=DNS rt=1645934784000 spt=63174 src=10.1.117.236 start=1645934784000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=125 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=k-ring.msedge.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63174 dst=10.1.117.236 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36260 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934784000 spt=53 src=131.253.21.1 start=1645934784000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=128 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=a-ring-fallback.msedge.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=62060 dst=10.1.117.236 
dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42031 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934784000 spt=53 src=131.253.21.1 start=1645934784000 suser=No Authentication Required +<13>Mar 04 20:49:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=125 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=q-ring.msedge.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=60995 dst=10.1.117.236 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36261 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934784000 spt=53 src=131.253.21.1 start=1645934784000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=60 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=157.55.56.173 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931232000 externalId=37527 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931232000 spt=34862 src=10.1.173.249 start=1645931232000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=97 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=a-ring-fallback.msedge.net deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=131.253.21.1 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42030 proto=17 reason=N/A requestClientApplication=DNS rt=1645934784000 spt=62060 src=10.1.117.236 start=1645934784000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=88 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=k-ring.msedge.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=131.253.21.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934784000 externalId=36258 proto=17 reason=N/A requestClientApplication=DNS rt=1645934784000 spt=63174 src=10.1.117.236 start=1645934784000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=97 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=a-ring-fallback.msedge.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=131.253.21.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934784000 externalId=42030 proto=17 reason=N/A requestClientApplication=DNS rt=1645934784000 spt=62060 src=10.1.117.236 start=1645934784000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=88 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=q-ring.msedge.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=131.253.21.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934784000 externalId=36259 proto=17 reason=N/A requestClientApplication=DNS rt=1645934784000 spt=60995 src=10.1.117.236 start=1645934784000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=ICMP bytesOut=98 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dst=10.2.4.90 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934784000 externalId=42033 proto=1 reason=Intrusion Block requestClientApplication=ICMP client rt=1645934784000 spt=8 src=10.1.146.78 start=1645934784000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=193.106.144.6 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42032 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934784000 spt=123 src=10.180.10.102 start=1645934784000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=ICMP bytesOut=98 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dst=10.2.4.90 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37366 proto=1 reason=N/A requestClientApplication=ICMP client rt=1645934785000 spt=8 src=10.1.146.78 start=1645934785000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=68 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931232000 externalId=37528 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931232000 spt=443 src=157.55.56.173 start=1645931232000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=ICMP bytesOut=98 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dst=10.1.146.78 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37367 proto=1 reason=N/A requestClientApplication=ICMP client rt=1645934785000 src=10.2.4.90 start=1645934785000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=148 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=10.2.4.90 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37371 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934785000 spt=35587 src=10.1.146.78 start=1645934785000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=148 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=22 dst=10.2.4.90 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42036 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934785000 spt=45127 src=10.1.146.78 start=1645934785000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=148 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=22 dst=10.2.4.90 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36262 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934785000 spt=45019 src=10.1.146.78 start=1645934785000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow 
app=Unknown bytesIn=74 bytesOut=148 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=10.2.4.90 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37368 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934785000 spt=35479 src=10.1.146.78 start=1645934785000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=SSH bytesIn=247 bytesOut=260 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=22 dst=10.2.4.90 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934785000 externalId=37373 proto=6 reason=N/A requestClientApplication=SSH client rt=1645934785000 spt=45235 src=10.1.146.78 start=1645934785000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=22 dst=10.2.4.90 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37373 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934785000 spt=45235 src=10.1.146.78 start=1645934785000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=148 bytesOut=334 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=22 dst=10.2.4.90 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934785000 externalId=36262 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934785000 spt=45019 src=10.1.146.78 start=1645934785000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=ICMP bytesOut=196 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dst=10.1.146.78 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934785000 externalId=37367 proto=1 reason=N/A requestClientApplication=ICMP client rt=1645934785000 src=10.2.4.90 start=1645934785000 suser=No Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=148 bytesOut=214 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=10.2.4.90 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934785000 externalId=37371 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934785000 spt=35587 src=10.1.146.78 start=1645934785000 suser=No 
Authentication Required +<13>Mar 04 20:49:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:29456|PROTOCOL-ICMP Unusual PING detected|6|act=Blocked app=ICMP cat=Known malicious file or file based exploit cn1Label=vlan cn2=2 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=29456 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dst=10.2.4.90 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56248 proto=ICMP requestClientApplication=ICMP client rt=1645934785000 spt=8 src=10.1.146.78 start=1645934785000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:29456|PROTOCOL-ICMP Unusual PING detected|6|act=Blocked app=ICMP cat=Known malicious file or file based exploit cn1Label=vlan cn2=2 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=29456 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dst=10.2.4.90 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187703 proto=ICMP requestClientApplication=ICMP client rt=1645934785000 spt=8 src=10.1.146.78 start=1645934785000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:29456|PROTOCOL-ICMP Unusual PING detected|6|act=Blocked app=ICMP cat=Known malicious file or file based exploit cn1Label=vlan cn2=2 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=29456 
cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dst=10.2.4.90 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=121998 proto=ICMP requestClientApplication=ICMP client rt=1645934784000 spt=8 src=10.1.146.78 start=1645934784000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:43238|SERVER-WEBAPP Imatix Xitami web server head processing denial of service attempt|4|act=Blocked app=Unknown cat=Sensitive Data cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=43238 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=10.2.4.90 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187704 proto=TCP requestClientApplication=Unknown rt=1645934785000 spt=35479 src=10.1.146.78 start=1645934785000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= -c( T 6  !\"#$%&'()*+,-./01234567 cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=56248 rt=1645934785000 start=1645934785000 +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= C T  !\"#$%&'()*+,-./01234567 cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=187703 rt=1645934785000 start=1645934785000 +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1=  T #  !\"#$%&'()*+,-./01234567 cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=121998 rt=1645934784000 start=1645934784000 +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= P  P User-Agent: curl/7.19.7 
(x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 Host: 10.2.4.90 Accept: */* cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=187704 rt=1645934785000 start=1645934785000 +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=148 bytesOut=214 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=10.2.4.90 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934785000 externalId=37368 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645934785000 spt=35479 src=10.1.146.78 start=1645934785000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=12.167.151.1 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36266 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934785000 spt=123 src=10.180.10.102 start=1645934785000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=12.167.151.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931843000 externalId=32184 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931843000 spt=123 src=10.180.10.102 start=1645931843000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=172.217.6.162 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37375 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934786000 spt=62527 src=10.1.63.235 start=1645934786000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=202.172.28.187 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37376 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934787000 spt=49423 src=10.1.203.142 start=1645934787000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=208.117.46.102 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934790000 externalId=37378 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645934790000 spt=61016 src=10.1.243.2 start=1645934790000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=208.117.46.102 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37378 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934790000 spt=61016 src=10.1.243.2 start=1645934790000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:37621|PUA-ADWARE Genieo Adware framework User-Agent|7|act=Blocked app=Unknown cat=Generic Protocol Command Decode cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=37621 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=208.117.46.102 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=121999 proto=TCP requestClientApplication=Unknown rt=1645934790000 spt=61023 src=10.1.243.2 start=1645934790000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:37621|PUA-ADWARE Genieo Adware framework User-Agent|7|act=Blocked app=Unknown 
cat=Generic Protocol Command Decode cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=37621 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=208.117.46.102 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187705 proto=TCP requestClientApplication=Unknown rt=1645934790000 spt=61016 src=10.1.243.2 start=1645934790000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=208.117.46.102 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934790000 externalId=42038 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645934790000 spt=61023 src=10.1.243.2 start=1645934790000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=208.117.46.102 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42038 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934790000 spt=61023 src=10.1.243.2 start=1645934790000 
suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.155.105.76 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37379 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934791000 spt=49973 src=10.1.75.126 start=1645934791000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=166 bytesOut=170 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.155.105.76 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934791000 externalId=37379 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934791000 spt=49973 src=10.1.75.126 start=1645934791000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.155.105.76 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42040 proto=6 reason=N/A requestClientApplication=Unknown 
rt=1645934791000 spt=49976 src=10.1.75.126 start=1645934791000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:13249|PROTOCOL-DNS dns response for rfc1918 10/8 address detected|7|act=Blocked app=DNS cat=Misc Activity cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=13249 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=55136 dst=10.0.0.227 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187706 proto=UDP requestClientApplication=DNS rt=1645934793000 spt=53 src=10.0.0.10 start=1645934793000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=beguilesoft-dc.beguilesoft.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.0.0.10 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36269 proto=17 reason=N/A requestClientApplication=DNS rt=1645934793000 spt=64512 src=10.0.0.227 start=1645934793000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=CLDAP bytesOut=214 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=389 dst=10.0.0.10 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37382 proto=17 reason=N/A requestClientApplication=CLDAP client rt=1645934793000 spt=64515 src=10.0.0.227 start=1645934793000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=127 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.beguilesoft.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.0.0.10 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37381 proto=17 reason=N/A requestClientApplication=DNS rt=1645934793000 spt=55136 src=10.0.0.227 start=1645934793000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=beguilesoft-dc.beguilesoft.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=64512 dst=10.0.0.227 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36270 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934793000 spt=53 src=10.0.0.10 start=1645934793000 suser=No Authentication Required +<13>Mar 04 20:49:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=135 dst=10.0.0.10 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42041 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934793000 spt=49155 src=10.0.0.227 start=1645934793000 suser=No Authentication Required +<13>Mar 04 20:49:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=beguilesoft-dc.beguilesoft.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.0.0.10 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934793000 externalId=36269 proto=17 reason=N/A requestClientApplication=DNS rt=1645934793000 spt=64512 src=10.0.0.227 start=1645934793000 suser=No Authentication Required +<13>Mar 04 20:49:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=DNS bytesIn=193 bytesOut=127 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.beguilesoft.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.0.0.10 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934793000 externalId=37381 proto=17 reason=Intrusion Block requestClientApplication=DNS rt=1645934793000 spt=55136 src=10.0.0.227 start=1645934793000 suser=No Authentication Required +<13>Mar 04 20:49:51 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=CLDAP bytesOut=257 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=389 dst=10.0.0.10 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36271 proto=17 reason=N/A requestClientApplication=CLDAP client rt=1645934793000 spt=64514 src=10.0.0.227 start=1645934793000 suser=No Authentication Required +<13>Mar 04 20:49:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=CLDAP bytesOut=214 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=389 dst=10.0.0.10 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934793000 externalId=37382 proto=17 reason=N/A requestClientApplication=CLDAP client rt=1645934793000 spt=64515 src=10.0.0.227 start=1645934793000 suser=No Authentication Required +<13>Mar 04 20:49:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=CLDAP bytesOut=236 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=64515 dst=10.0.0.227 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37383 proto=17 reason=N/A requestClientApplication=CLDAP client rt=1645934793000 spt=389 src=10.0.0.10 start=1645934793000 suser=No Authentication Required +<13>Mar 
04 20:49:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=91.189.94.4 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42042 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934794000 spt=123 src=10.180.10.102 start=1645934794000 suser=No Authentication Required +<13>Mar 04 20:49:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=91.189.94.4 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934597000 externalId=41903 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934597000 spt=123 src=10.180.10.102 start=1645934597000 suser=No Authentication Required +<13>Mar 04 20:49:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2092 bytesOut=116 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.99.80.121 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42045 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934795000 spt=51414 src=10.1.76.148 start=1645934795000 suser=No 
Authentication Required +<13>Mar 04 20:49:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.99.80.121 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36272 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934795000 spt=51415 src=10.1.76.148 start=1645934795000 suser=No Authentication Required +<13>Mar 04 20:49:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.241.242.7 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42049 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934798000 spt=49820 src=10.1.97.21 start=1645934798000 suser=No Authentication Required +<13>Mar 04 20:49:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.241.242.7 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37386 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934798000 spt=49828 
src=10.1.97.21 start=1645934798000 suser=No Authentication Required +<13>Mar 04 20:49:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:116:434|DECODE_ICMP_PING_NMAP|4|act=Blocked app=ICMP cat=Attempted Information Leak cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=434 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dst=173.241.242.7 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187707 proto=ICMP requestClientApplication=ICMP client rt=1645934798000 spt=8 src=10.1.97.21 start=1645934798000 suser=No Authentication Required +<13>Mar 04 20:49:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= 1  cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=187707 rt=1645934798000 start=1645934798000 +<13>Mar 04 20:49:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=ICMP bytesOut=42 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dst=173.241.242.7 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934798000 externalId=37388 proto=1 reason=Intrusion Block requestClientApplication=ICMP client rt=1645934798000 spt=8 src=10.1.97.21 start=1645934798000 suser=No Authentication Required +<13>Mar 04 20:49:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.241.242.7 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37387 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934798000 spt=49842 src=10.1.97.21 start=1645934798000 suser=No Authentication Required +<13>Mar 04 20:49:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=ICMP bytesOut=42 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dst=173.241.242.7 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37388 proto=1 reason=N/A requestClientApplication=ICMP client rt=1645934798000 spt=8 src=10.1.97.21 start=1645934798000 suser=No Authentication Required +<13>Mar 04 20:49:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=77 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40009 dst=213.199.179.155 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42053 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934803000 spt=34862 src=10.1.207.244 start=1645934803000 suser=No Authentication Required +<13>Mar 04 20:49:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=77 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40005 dst=213.199.179.155 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37392 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934803000 spt=34862 src=10.1.207.244 start=1645934803000 suser=No Authentication Required +<13>Mar 04 20:49:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=741 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645932875000 externalId=40252 proto=17 reason=N/A requestClientApplication=Unknown rt=1645932875000 spt=40009 src=213.199.179.155 start=1645932875000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37393 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934803000 spt=40005 src=213.199.179.155 start=1645934803000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=63 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42056 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934803000 spt=40009 src=213.199.179.155 start=1645934803000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=636 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40009 dst=213.199.179.155 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934803000 externalId=42053 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934803000 spt=34862 src=10.1.207.244 start=1645934803000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40030 dst=213.199.179.155 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42054 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934803000 spt=34862 src=10.1.207.244 start=1645934803000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=79 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40017 dst=213.199.179.155 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37391 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934803000 spt=34862 src=10.1.207.244 start=1645934803000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645932875000 externalId=35612 proto=17 reason=N/A requestClientApplication=Unknown rt=1645932875000 spt=40005 src=213.199.179.155 start=1645932875000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=497 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934803000 externalId=42055 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934803000 spt=40009 src=213.199.179.155 start=1645934803000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS 
bytesIn=383 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=techfac.techfak.uni-bielefeld.de deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=129.70.4.55 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37394 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934804000 spt=32789 src=192.168.100.28 start=1645934804000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=383 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=techfac.techfak.uni-bielefeld.de deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=129.70.4.55 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645932674000 externalId=35151 proto=17 reason=N/A requestClientApplication=DNS client rt=1645932674000 spt=32789 src=192.168.100.28 start=1645932674000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=208.82.238.146 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934806000 externalId=42027 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934775000 spt=49226 src=10.180.10.102 start=1645934775000 
suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.112.172 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42058 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934805000 spt=50971 src=10.1.227.14 start=1645934805000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.112.172 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42059 proto=17 reason=N/A request=https://lh6.googleusercontent.com requestClientApplication=QUIC client rt=1645934805000 spt=64771 src=10.1.227.14 start=1645934805000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:29957|SERVER-OTHER Kolibri HTTP Server uri buffer overflow attempt|9|act=Blocked app=HTTP cat=Known client side exploit attempt cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=29957 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.74.28.9 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122000 proto=TCP requestClientApplication=Web browser rt=1645934806000 spt=49529 src=172.16.3.122 start=1645934806000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:6414|SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt|9|act=Blocked app=Unknown cat=A Suspicious String was Detected cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=6414 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.74.28.9 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122001 proto=TCP requestClientApplication=Unknown rt=1645934806000 spt=49538 src=172.16.3.122 start=1645934806000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=74 bytesOut=144 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.74.28.9 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934806000 externalId=42061 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645934806000 spt=49538 src=172.16.3.122 start=1645934806000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=HTTP bytesIn=74 bytesOut=2828 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.74.28.9 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934806000 externalId=42060 proto=6 reason=Intrusion Block requestClientApplication=Web browser rt=1645934806000 spt=49529 src=172.16.3.122 start=1645934806000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.74.28.9 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42060 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934806000 spt=49529 src=172.16.3.122 start=1645934806000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.74.28.9 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42061 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934806000 spt=49538 src=172.16.3.122 start=1645934806000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow 
app=NetBIOS-ns bytesOut=110 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=137 dst=192.168.0.255 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36279 proto=17 reason=N/A requestClientApplication=NetBIOS-ns rt=1645934809000 spt=137 src=10.1.230.123 start=1645934809000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-ns bytesOut=110 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=137 dst=192.168.0.255 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934809000 externalId=36279 proto=17 reason=N/A requestClientApplication=NetBIOS-ns rt=1645934809000 spt=137 src=10.1.230.123 start=1645934809000 suser=No Authentication Required +<13>Mar 04 20:49:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=62 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.208.173.200 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37396 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934811000 spt=49643 src=192.168.137.85 start=1645934811000 suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.63.82.10 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42063 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934811000 spt=49194 src=10.1.185.234 start=1645934811000 suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=62 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.208.173.200 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36284 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934811000 spt=49650 src=192.168.137.85 start=1645934811000 suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.65.7 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37397 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934812000 spt=49219 src=10.1.118.85 start=1645934812000 suser=No Authentication 
Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=31.13.65.7 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42064 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934812000 spt=49217 src=10.1.118.85 start=1645934812000 suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=31.13.65.7 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934813000 externalId=42064 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934812000 spt=49217 src=10.1.118.85 start=1645934812000 suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=193.25.222.136 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37398 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934813000 spt=123 src=10.180.10.102 start=1645934813000 
suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=10.2.4.90 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934815000 externalId=42037 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934785000 spt=35695 src=10.1.146.78 start=1645934785000 suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=5.10.75.66 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42066 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934814000 spt=52231 src=10.0.2.15 start=1645934814000 suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.23.156.255 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36288 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934815000 spt=49852 
src=172.16.1.141 start=1645934815000 suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.23.156.255 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42068 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934815000 spt=57512 src=172.16.1.141 start=1645934815000 suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.23.156.255 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42067 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934815000 spt=57509 src=172.16.1.141 start=1645934815000 suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.23.156.255 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37402 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934815000 spt=49854 src=172.16.1.141 start=1645934815000 suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.23.156.255 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37401 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934815000 spt=49853 src=172.16.1.141 start=1645934815000 suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.23.156.255 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37400 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934815000 spt=57510 src=172.16.1.141 start=1645934815000 suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.23.156.255 dvchost=CSTA-vFTD-Production 
dvcpid=2 externalId=42069 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934815000 spt=57511 src=172.16.1.141 start=1645934815000 suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=126 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=download.microsoft.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=207.46.138.20 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42070 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934815000 spt=32789 src=10.1.121.88 start=1645934815000 suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:29957|SERVER-OTHER Kolibri HTTP Server uri buffer overflow attempt|8|act=Blocked app=Unknown cat=Known client side exploit attempt cn1Label=vlan cn2=4 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=29957 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.1.35.103 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56249 proto=TCP requestClientApplication=Unknown rt=1645934816000 spt=61047 src=10.1.44.199 start=1645934816000 suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.1.35.103 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934816000 externalId=36290 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645934816000 spt=61047 src=10.1.44.199 start=1645934816000 suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.1.35.103 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36290 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934816000 spt=61047 src=10.1.44.199 start=1645934816000 suser=No Authentication Required +<13>Mar 04 20:49:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=202.172.28.187 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934817000 externalId=37377 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934787000 spt=49551 src=10.1.203.142 start=1645934787000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule 
cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.88.85.51 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42071 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934817000 spt=60456 src=10.1.240.251 start=1645934817000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:16282|PUA-P2P Bittorrent uTP peer request|7|act=Blocked app=BitTorrent cat=Misc Activity cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=16282 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=71.254.156.169 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56250 proto=UDP requestClientApplication=BitTorrent rt=1645934818000 spt=63448 src=10.1.114.126 start=1645934818000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=BitTorrent bytesOut=1330 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=71.254.156.169 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934818000 externalId=36293 proto=17 reason=Intrusion Block requestClientApplication=BitTorrent rt=1645934818000 spt=63448 src=10.1.114.126 start=1645934818000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=72 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63448 dst=10.0.0.201 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36294 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934818000 spt=51413 src=71.254.156.169 start=1645934818000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2638 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.9.136 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934819000 externalId=36267 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934789000 spt=62543 src=10.1.227.184 start=1645934789000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=71.254.156.169 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36293 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934818000 spt=63448 src=10.1.114.126 start=1645934818000 suser=No Authentication 
Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesOut=132 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.85.235.179 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934821000 externalId=36297 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645934821000 spt=50005 src=172.16.3.122 start=1645934821000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:129:15|STREAM5_BAD_RST|6|act=Blocked app=Unknown cat=Attempted Denial of Service cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=15 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.85.235.179 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56251 proto=TCP requestClientApplication=Unknown rt=1645934821000 spt=50005 src=172.16.3.122 start=1645934821000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:254|PROTOCOL-DNS SPOOF query response with TTL of 1 min. 
and no authority|4|act=Blocked app=DNS cat=Attempted Denial of Service cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=254 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=51736 dst=10.1.1.97 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56252 proto=UDP requestClientApplication=DNS rt=1645934822000 spt=53 src=10.1.1.1 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1=Ux P cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=56251 rt=1645934821000 start=1645934821000 +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:254|PROTOCOL-DNS SPOOF query response with TTL of 1 min. and no authority|4|act=Blocked app=DNS cat=Attempted Denial of Service cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=254 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=64559 dst=10.1.1.97 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122002 proto=UDP requestClientApplication=DNS rt=1645934822000 spt=53 src=10.1.1.1 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:57756|MALWARE-CNC DNS Fast Flux attempt|7|act=Blocked app=DNS cat=Generic Protocol Command Decode cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=57756 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=49593 dst=10.1.1.97 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187708 proto=UDP requestClientApplication=DNS rt=1645934822000 spt=53 src=10.1.1.1 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:44077|INDICATOR-COMPROMISE Suspicious .win dns query|0|act=Blocked app=Unknown cat=A System Call was Detected cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=44077 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187709 proto=UDP requestClientApplication=DNS rt=1645934822000 spt=63335 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= 5 N   wwwmsftncsicom     M wwwmsftncsicom edgesuitenet .   
a1961g2akamaiIZ    +>Z    +> cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=187708 rt=1645934822000 start=1645934822000 +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= 5/ :H   dnsmsftncsicom     k cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=122002 rt=1645934822000 start=1645934822000 +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1="g 5 ,`=  wwwtexowipu14win  " cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=187709 rt=1645934822000 start=1645934822000 +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=DNS bytesIn=107 bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.jufa123.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934822000 externalId=36301 proto=17 reason=Intrusion Block requestClientApplication=DNS rt=1645934822000 spt=51736 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.texowipu14.win deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934822000 externalId=37413 proto=17 reason=Intrusion Block requestClientApplication=DNS rt=1645934822000 
spt=63335 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=DNS bytesIn=92 bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=dns.msftncsi.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934822000 externalId=42079 proto=17 reason=Intrusion Block requestClientApplication=DNS rt=1645934822000 spt=64559 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=DNS bytesIn=182 bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.msftncsi.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934822000 externalId=37409 proto=17 reason=Intrusion Block requestClientApplication=DNS rt=1645934822000 spt=49593 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=91 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=_ldap._tcp.dc._msdcs.mshome.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37406 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=62730 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=dns.msftncsi.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42079 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=64559 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=79 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.yunshangcms.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36299 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=52239 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
destinationDnsDomain=www.ellentscm.info deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37410 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=51682 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=82 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.canamultimedia.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42083 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=50294 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=114 bytesOut=82 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.100placesbandb.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934822000 externalId=36302 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=56792 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.gotrkx.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37414 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=57837 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=92 bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=dns.msftncsi.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934822000 externalId=42086 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=54492 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=79 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.yunshangcms.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42088 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=58043 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=wpad.mshome.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36298 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=54922 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=80 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.jvfilmmakers.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42078 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=51816 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=77 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=isatap.mshome.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37408 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=64409 
src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.kowollik.email deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42081 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=60289 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=65.52.108.225 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931221000 externalId=31597 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931221000 spt=57625 src=10.1.172.198 start=1645931221000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.jufa123.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=1 
externalId=36301 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=51736 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.msftncsi.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37409 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=49593 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=77 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.seorowipe.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37412 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=53599 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.sosssou.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42082 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=60588 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.gatinhas.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42085 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=49443 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=82 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.100placesbandb.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36302 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=56792 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=118 bytesOut=86 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
destinationDnsDomain=www.xn--jjq193ajmav75c.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934822000 externalId=36303 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=50437 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.texowipu14.win deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37413 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=63335 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=dns.msftncsi.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42087 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=55656 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=91 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=_ldap._tcp.dc._msdcs.mshome.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37407 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=54056 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DHCP bytesOut=354 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=67 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42080 proto=17 reason=N/A requestClientApplication=DHCP client rt=1645934822000 spt=68 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=dns.msftncsi.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36300 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=55517 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow 
app=Unknown bytesOut=82 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.sparkyoursukha.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37411 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=52827 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=83 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.cerebrumfriend.info deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42084 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=50140 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=86 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.xn--jjq193ajmav75c.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36303 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=50437 src=10.1.1.97 start=1645934822000 suser=No Authentication 
Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.heapto.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37415 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=58287 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=79 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.yunshangcms.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37417 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=62665 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=dns.msftncsi.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42086 proto=17 reason=N/A 
requestClientApplication=DNS rt=1645934822000 spt=54492 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.heapto.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.1.1.1 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37416 proto=17 reason=N/A requestClientApplication=DNS rt=1645934822000 spt=58597 src=10.1.1.97 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.37.49.15 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42089 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934822000 spt=51750 src=10.1.94.139 start=1645934822000 suser=No Authentication Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=54 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=3306 dst=192.168.0.1 dvchost=CSTA-vFTD-Production 
dvcpid=2 end=1645934824000 externalId=42105 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645934824000 spt=55092 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=199 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36307 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934823000 spt=58330 src=192.168.0.109 start=1645934823000 suser=No Authentication Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=154.16.177.8 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931222000 externalId=32715 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931222000 spt=49209 src=192.168.1.96 start=1645931222000 suser=No Authentication Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934824000 externalId=37428 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=54530 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42090 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934823000 spt=52991 src=192.168.0.109 start=1645934823000 suser=No Authentication Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=310 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931232000 externalId=31611 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931232000 spt=40006 src=157.55.56.173 start=1645931232000 suser=No Authentication Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=124 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931226000 externalId=31599 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931226000 spt=40003 src=157.55.130.171 start=1645931226000 suser=No Authentication Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931232000 externalId=31612 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931232000 spt=40023 src=157.55.56.173 start=1645931232000 suser=No Authentication Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37428 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=54530 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934823000 externalId=42090 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934823000 spt=52991 src=192.168.0.109 start=1645934823000 suser=No Authentication Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=135 dst=10.0.0.10 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934823000 externalId=42041 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934793000 spt=49155 src=10.0.0.227 start=1645934793000 suser=No Authentication Required +<13>Mar 04 20:49:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=2912 bytesOut=373 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=64.4.54.36 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931223000 externalId=31598 proto=6 reason=N/A request=https://licensing.mp.microsoft.com requestClientApplication=SSL client rt=1645931223000 spt=50497 src=192.168.8.134 start=1645931223000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=212 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=176.31.40.147 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934824000 externalId=36780 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934222000 spt=52699 src=10.1.236.174 start=1645934222000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:129:15|STREAM5_BAD_RST|6|act=Blocked app=Unknown cat=Attempted Denial of Service cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=15 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=55092 dst=192.168.0.109 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122003 proto=TCP requestClientApplication=Unknown rt=1645934824000 spt=3306 src=192.168.0.1 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= 4 P U cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=122003 rt=1645934824000 start=1645934824000 +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=3011 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=72.21.81.200 dvchost=CSTA-vFTD-Production dvcpid=2 
end=1645934824000 externalId=42043 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934794000 spt=49198 src=192.168.1.14 start=1645934794000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934825000 externalId=42186 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=40077 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=8942 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=72.21.81.200 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934824000 externalId=42044 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934794000 spt=49199 src=192.168.1.14 start=1645934794000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
dpt=80 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42186 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=40077 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=161 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934826000 externalId=42229 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645934826000 spt=58298 src=192.168.0.109 start=1645934826000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=10052 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.99.80.121 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934825000 externalId=37384 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934795000 spt=51416 src=10.1.76.148 start=1645934795000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=14424 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.99.80.121 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934825000 externalId=36273 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934795000 spt=51417 src=10.1.76.148 start=1645934795000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.99.80.121 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934825000 externalId=36274 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934795000 spt=51418 src=10.1.76.148 start=1645934795000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:1418|PROTOCOL-SNMP request tcp|6|act=Blocked app=Unknown cat=Attempted Information Leak cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=1418 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=161 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122004 proto=TCP requestClientApplication=Unknown rt=1645934826000 spt=58298 src=192.168.0.109 start=1645934826000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= Zo 9P d cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=122004 rt=1645934826000 start=1645934826000 +<13>Mar 04 20:49:57 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=31.13.93.26 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934827000 externalId=42046 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934797000 spt=50175 src=10.1.174.72 start=1645934797000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=31.13.93.26 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934827000 externalId=42048 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934797000 spt=50191 src=10.1.174.72 start=1645934797000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=31.13.93.26 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934827000 externalId=42047 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934797000 spt=50176 src=10.1.174.72 start=1645934797000 suser=No Authentication Required +<13>Mar 04 
20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.241.242.7 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934828000 externalId=37385 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934798000 spt=49800 src=10.1.97.21 start=1645934798000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=443 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.241.242.7 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934828000 externalId=42049 proto=6 reason=N/A requestClientApplication=Web browser rt=1645934798000 spt=49820 src=10.1.97.21 start=1645934798000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.241.242.7 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934828000 externalId=37386 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934798000 spt=49828 src=10.1.97.21 start=1645934798000 suser=No 
Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=443 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.241.242.7 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934828000 externalId=37387 proto=6 reason=N/A requestClientApplication=Web browser rt=1645934798000 spt=49842 src=10.1.97.21 start=1645934798000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=204.11.109.68 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934829000 externalId=36277 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934799000 spt=49688 src=10.1.62.149 start=1645934799000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=58 bytesOut=687 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=2.20.180.35 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931227000 externalId=32719 proto=6 reason=N/A request=https://fbcdn-profile-a.akamaihd.net 
requestClientApplication=SSL client rt=1645931227000 spt=51468 src=10.0.2.15 start=1645931227000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=204.11.109.68 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934829000 externalId=37389 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934799000 spt=49687 src=10.1.62.149 start=1645934799000 suser=No Authentication Required +<13>Mar 04 20:49:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=124 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931232000 externalId=32723 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931232000 spt=40016 src=157.55.56.173 start=1645931232000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.223.52.18 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934830000 
externalId=36278 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934800000 spt=49157 src=10.1.158.49 start=1645934800000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=67.217.65.244 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934831000 externalId=42050 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934801000 spt=53199 src=172.16.133.21 start=1645934801000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=67.217.65.244 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934831000 externalId=37390 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934801000 spt=53194 src=172.16.133.21 start=1645934801000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1460 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.192.238 
dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934832000 externalId=42051 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934802000 spt=49405 src=10.1.106.195 start=1645934802000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.192.238 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934832000 externalId=42052 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934802000 spt=49406 src=10.1.106.195 start=1645934802000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=70.42.13.101 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934831000 externalId=36785 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934229000 spt=42398 src=172.16.133.184 start=1645934229000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40018 dst=157.55.56.173 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931232000 externalId=32726 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931232000 spt=34862 src=10.1.173.249 start=1645931232000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931232000 externalId=32727 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931232000 spt=40018 src=157.55.56.173 start=1645931232000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=62 bytesOut=582 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=216.120.27.21 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931234000 externalId=37530 proto=6 reason=N/A request="http://adadvisor.net/adscores/g.json?sid=9233633946" requestClientApplication=Chrome rt=1645931234000 spt=54888 src=10.1.97.113 start=1645931234000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=112 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.219.113.250 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931235000 externalId=32730 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931235000 spt=57885 src=10.1.239.154 start=1645931235000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.219.113.250 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931235000 externalId=37534 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931235000 spt=57879 src=10.1.239.154 start=1645931235000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=286 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=60253 dst=41.142.42.83 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931242000 externalId=32732 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931238000 spt=59370 src=10.1.131.34 start=1645931238000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.192.202.134 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931236000 externalId=31614 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931236000 spt=55694 src=10.1.55.197 start=1645931236000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=705 bytesOut=580 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=67.217.177.93 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931237000 externalId=37535 proto=6 reason=N/A request="http://ce.lijit.com/merge?pid=3&3pid=35a3512d-3195-4c00-8e63-694d4b878b3d" requestClientApplication=Safari rt=1645931237000 spt=46935 src=172.16.133.132 start=1645931237000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=17660 dst=213.102.78.25 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931240000 externalId=31616 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931240000 spt=59370 src=10.1.173.174 
start=1645931240000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=5634 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.109.99.165 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934839000 externalId=42062 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934808000 spt=49407 src=10.1.150.46 start=1645934808000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=212.227.119.193 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934840000 externalId=37395 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934810000 spt=54387 src=10.1.65.167 start=1645934810000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=473 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40027 dst=157.56.52.27 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931239000 externalId=37537 proto=17 reason=N/A 
requestClientApplication=Unknown rt=1645931239000 spt=34862 src=10.1.59.117 start=1645931239000 suser=No Authentication Required +<13>Mar 04 20:49:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=212.227.119.193 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934840000 externalId=36281 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934810000 spt=54386 src=10.1.65.167 start=1645934810000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931240000 externalId=37539 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931240000 spt=17660 src=213.102.78.25 start=1645931240000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=10936 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.208.173.200 dvchost=CSTA-vFTD-Production 
dvcpid=1 end=1645934841000 externalId=36282 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934811000 spt=49636 src=192.168.137.85 start=1645934811000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=208.82.238.146 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934841000 externalId=36283 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934811000 spt=49228 src=10.180.10.102 start=1645934811000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=91 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.appneta.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=55309 dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931244000 externalId=37542 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931244000 spt=53 src=172.16.128.202 start=1645931244000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2899 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=31.13.65.7 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934842000 externalId=36285 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934812000 spt=49218 src=10.1.118.85 start=1645934812000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=31.13.65.7 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934842000 externalId=42065 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934812000 spt=49224 src=10.1.118.85 start=1645934812000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=91 bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.appneta.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931244000 externalId=37543 proto=17 reason=N/A requestClientApplication=DNS rt=1645931244000 spt=52503 src=172.16.133.233 start=1645931244000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=91 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory destinationDnsDomain=www.appneta.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=64998 dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931244000 externalId=37545 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931244000 spt=53 src=172.16.128.202 start=1645931244000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=198.54.12.127 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934843000 externalId=36286 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934813000 spt=49592 src=10.1.91.50 start=1645934813000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=58 bytesOut=365 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=65.52.108.225 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931243000 externalId=32735 proto=6 reason=N/A request=https://BN4SCH101122204.wns.windows.com requestClientApplication=SSL client rt=1645931243000 spt=57625 src=10.1.215.16 start=1645931243000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=91 
bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.appneta.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931244000 externalId=32736 proto=17 reason=N/A requestClientApplication=DNS rt=1645931244000 spt=54374 src=172.16.133.233 start=1645931244000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.23.156.255 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934845000 externalId=36289 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934815000 spt=49867 src=172.16.1.141 start=1645934815000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.23.156.255 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934845000 externalId=36287 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934815000 spt=57508 src=172.16.1.141 start=1645934815000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.23.156.255 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934845000 externalId=37402 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934815000 spt=49854 src=172.16.1.141 start=1645934815000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.23.156.255 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934845000 externalId=37399 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934815000 spt=57507 src=172.16.1.141 start=1645934815000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.23.156.255 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934845000 externalId=42069 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934815000 spt=57511 src=172.16.1.141 start=1645934815000 suser=No Authentication Required +<13>Mar 
04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.23.156.255 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934845000 externalId=37400 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934815000 spt=57510 src=172.16.1.141 start=1645934815000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=91 bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.appneta.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931244000 externalId=32737 proto=17 reason=N/A requestClientApplication=DNS rt=1645931244000 spt=60838 src=172.16.133.233 start=1645931244000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=47096 dst=111.163.31.206 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931245000 externalId=37546 proto=17 reason=N/A requestClientApplication=BitTorrent 
rt=1645931245000 spt=59370 src=10.1.217.191 start=1645931245000 suser=No Authentication Required +<13>Mar 04 20:49:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1700 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=188.95.248.71 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934846000 externalId=37403 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934816000 spt=49196 src=10.1.11.210 start=1645934816000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=308 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931245000 externalId=37547 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931245000 spt=47096 src=111.163.31.206 start=1645931245000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=216.58.211.46 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934847000 
externalId=37404 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934817000 spt=49672 src=10.1.253.158 start=1645934817000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.211.46 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934847000 externalId=42074 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934817000 spt=49674 src=10.1.253.158 start=1645934817000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=216.58.211.46 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934847000 externalId=42073 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934817000 spt=49671 src=10.1.253.158 start=1645934817000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2636 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.137.33.209 
dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934848000 externalId=35679 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934233000 spt=61256 src=10.1.233.45 start=1645934233000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.211.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934847000 externalId=36291 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934817000 spt=49673 src=10.1.253.158 start=1645934817000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=136 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40016 dst=111.221.74.29 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931263000 externalId=32749 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931263000 spt=34862 src=10.1.183.61 start=1645931263000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2886 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.137.33.209 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934848000 externalId=36789 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934233000 spt=61253 src=10.1.233.45 start=1645934233000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.211.46 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934847000 externalId=42075 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934817000 spt=49675 src=10.1.253.158 start=1645934817000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=4294967295 bytesOut=3449 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931263000 externalId=32748 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931263000 spt=40012 src=111.221.74.29 start=1645931263000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=216.58.211.46 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934848000 externalId=37405 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934818000 spt=49680 src=10.1.253.158 start=1645934818000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.85.219.126 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36476 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934848000 spt=60934 src=10.1.142.107 start=1645934848000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=216.58.211.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934848000 externalId=36292 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934818000 spt=49679 src=10.1.253.158 start=1645934818000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.85.219.126 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37564 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934848000 spt=60909 src=10.1.142.107 start=1645934848000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.85.219.126 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37565 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934848000 spt=60952 src=10.1.142.107 start=1645934848000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=120 bytesOut=228 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.85.219.126 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934848000 externalId=36476 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934848000 spt=60934 src=10.1.142.107 start=1645934848000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=220.158.215.20 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36478 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934848000 spt=123 src=10.180.10.102 start=1645934848000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=2908 bytesOut=335 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.219.237 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931246000 externalId=37548 proto=6 reason=N/A request=https://accounts.google.com requestClientApplication=SSL client rt=1645931246000 spt=62590 src=10.1.25.237 start=1645931246000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.201.198.90 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934849000 externalId=36295 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934819000 spt=49324 src=10.1.168.42 start=1645934819000 suser=No Authentication Required +<13>Mar 04 20:50:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.194.251.139 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931248000 externalId=31618 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931248000 spt=61573 src=10.1.187.14 start=1645931248000 suser=No Authentication Required +<13>Mar 04 20:50:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.201.198.90 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934849000 externalId=42076 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934819000 spt=49321 src=10.1.168.42 start=1645934819000 suser=No Authentication Required +<13>Mar 04 20:50:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.214.137.113 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37567 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934849000 spt=54521 src=10.1.28.244 start=1645934849000 suser=No Authentication Required +<13>Mar 04 20:50:01 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=995 dst=130.255.78.48 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934849000 externalId=36296 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934819000 spt=49294 src=172.16.2.197 start=1645934819000 suser=No Authentication Required +<13>Mar 04 20:50:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=212 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.241.244.11 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934851000 externalId=36804 proto=6 reason=N/A requestClientApplication=Web browser rt=1645934248000 spt=61329 src=10.1.168.165 start=1645934248000 suser=No Authentication Required +<13>Mar 04 20:50:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.63.82.10 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934850000 externalId=42077 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934820000 spt=49793 src=10.1.128.120 start=1645934820000 suser=No Authentication 
Required +<13>Mar 04 20:50:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=308 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931256000 externalId=31625 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931256000 spt=31461 src=114.38.85.46 start=1645931256000 suser=No Authentication Required +<13>Mar 04 20:50:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=347 bytesOut=473 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.241.244.11 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934851000 externalId=35699 proto=6 reason=N/A request=http://rtb.openx.net/sync/yahoo requestClientApplication=Internet Explorer rt=1645934248000 spt=61328 src=10.1.168.165 start=1645934248000 suser=No Authentication Required +<13>Mar 04 20:50:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=171.66.97.126 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37568 proto=17 reason=N/A 
requestClientApplication=NTP client rt=1645934852000 spt=123 src=10.180.10.102 start=1645934852000 suser=No Authentication Required +<13>Mar 04 20:50:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=473 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40019 dst=65.55.223.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931259000 externalId=31627 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931259000 spt=34862 src=10.1.195.122 start=1645931259000 suser=No Authentication Required +<13>Mar 04 20:50:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=58 bytesOut=925 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=46.4.104.106 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931252000 externalId=37553 proto=6 reason=N/A request="http://comcluster.cxense.com/Repo/rep.gif?ver=1&typ=pgv&rnd=ilz5x45taxwe50r0&acc=0&sid=1128278345423830937&loc=http%3A%2F%2Fwww.pgatour.com%2Fplayers%2Fplayer.24357.k-j--choi.html&ref=https%3A%2F%2Fwww.google.cz%2F&gol=&pgn=<m=1458393642065&new=1&arf=0&tzo=420&res=807x648&dpr=1&col=24&jav=0&bln=en-US&cks=ilz5x4kuo1tez1d7&ckp=ilz5x4kwdn9g6xw8&chs=UTF-8&wsz=807x557&fls=1&flv=Shockwave%20Flash%2021.0%20r0&cst=e5e0239b685a5d9617449cef5cd0c30c" requestClientApplication=Chrome rt=1645931252000 spt=49994 src=10.1.81.87 start=1645931252000 suser=No Authentication Required +<13>Mar 04 20:50:01 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=59 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931259000 externalId=31628 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931259000 spt=40019 src=65.55.223.46 start=1645931259000 suser=No Authentication Required +<13>Mar 04 20:50:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=587 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934854000 externalId=42097 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=35575 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=199 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934854000 externalId=36307 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934823000 spt=58330 src=192.168.0.109 start=1645934823000 suser=No Authentication 
Required +<13>Mar 04 20:50:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=143 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37426 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=60260 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=113 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934854000 externalId=36304 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934823000 spt=54065 src=192.168.0.109 start=1645934823000 suser=No Authentication Required +<13>Mar 04 20:50:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=445 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37425 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=60419 src=192.168.0.109 start=1645934824000 
suser=No Authentication Required +<13>Mar 04 20:50:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934854000 externalId=42104 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=45781 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1723 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37421 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934823000 spt=58601 src=192.168.0.109 start=1645934823000 suser=No Authentication Required +<13>Mar 04 20:50:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934854000 externalId=42103 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=40388 
src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5566 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37438 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=40297 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5550 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934854000 externalId=42109 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=40227 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=2121 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934854000 externalId=36315 proto=6 reason=N/A requestClientApplication=Unknown 
rt=1645934824000 spt=60484 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=2042 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37441 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=51845 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1166 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934854000 externalId=42110 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=38323 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=10004 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934854000 externalId=36316 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934824000 spt=44667 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=99 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37453 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=39307 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1025 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37427 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=33276 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=3269 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934854000 
externalId=36312 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=39584 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=19842 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37440 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=58835 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=111 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37420 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934823000 spt=45211 src=192.168.0.109 start=1645934823000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=10628 dst=192.168.0.1 dvchost=CSTA-vFTD-Production 
dvcpid=1 end=1645934854000 externalId=36317 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=52157 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=21 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934854000 externalId=42102 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=50689 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8200 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37459 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=59850 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=20 dst=192.168.0.1 
dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934854000 externalId=36309 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=41028 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52848 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934854000 externalId=36329 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=37871 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=465 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934854000 externalId=42108 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=60489 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
dpt=1097 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37469 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=34653 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=3325 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934854000 externalId=36311 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=59737 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5510 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37449 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=33034 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8800 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934854000 externalId=42120 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=55155 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=22 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934854000 externalId=42107 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=58612 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52869 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934854000 externalId=36325 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=57220 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=667 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934854000 externalId=42127 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=55576 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=3905 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37467 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=59965 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=56738 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37463 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=60620 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=3351 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37465 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=38486 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=44442 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934854000 externalId=36313 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=49688 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1121 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934854000 externalId=42111 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=53039 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone 
cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=2119 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934854000 externalId=36321 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=50623 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=15002 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37468 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=60541 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=64680 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37474 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=44816 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule 
cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=497 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934854000 externalId=42134 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=48088 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8090 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934854000 externalId=42136 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=55943 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=6004 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934854000 externalId=36337 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=48164 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy 
cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5100 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934854000 externalId=36342 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=55973 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=6101 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934855000 externalId=37485 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=37649 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1198 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934854000 externalId=36334 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=41383 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1556 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37477 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=49014 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=3030 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934854000 externalId=37478 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=35428 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5903 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934854000 externalId=42140 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=45305 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=19780 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934854000 externalId=42143 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=59790 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1524 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934855000 externalId=37491 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=33233 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=2557 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934854000 externalId=36345 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=44660 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=6565 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934855000 externalId=42149 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=47453 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=9200 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934855000 externalId=37497 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=33252 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1065 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36358 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=39491 src=192.168.0.109 start=1645934824000 suser=No Authentication Required 
+<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8254 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934855000 externalId=42161 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=43351 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=57797 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36359 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=59033 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=32784 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934855000 externalId=42170 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=45734 src=192.168.0.109 start=1645934825000 
suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5718 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934855000 externalId=37501 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=37360 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1247 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934855000 externalId=37502 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=48380 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5050 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934855000 externalId=42166 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=49122 
src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1719 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934855000 externalId=37503 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=35600 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=58080 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934854000 externalId=36351 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=45031 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1082 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36371 proto=6 reason=N/A requestClientApplication=Unknown 
rt=1645934825000 spt=53166 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=27715 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934855000 externalId=42174 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=56742 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5988 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934855000 externalId=37498 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=50793 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=444 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934855000 externalId=37505 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934825000 spt=45568 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=903 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36376 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=35915 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8899 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934855000 externalId=42167 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=48732 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1090 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934855000 
externalId=42196 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=49698 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1271 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934855000 externalId=37511 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=42701 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=12345 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36360 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=41236 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=211 dst=192.168.0.1 dvchost=CSTA-vFTD-Production 
dvcpid=1 end=1645934855000 externalId=36385 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=46894 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=70 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934855000 externalId=42178 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=55773 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=17 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36377 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=49242 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=2869 dst=192.168.0.1 
dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934855000 externalId=37518 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=39185 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52673 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934854000 externalId=42145 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=45844 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=90 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36353 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934824000 spt=43499 src=192.168.0.109 start=1645934824000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
dpt=9103 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934855000 externalId=37500 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=42199 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=6547 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36364 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=58243 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=125 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934855000 externalId=37504 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=53696 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1500 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934855000 externalId=42187 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=41700 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=2717 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36379 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=43769 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=306 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36386 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=32770 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=125 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36393 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=36002 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=50002 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36388 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=50955 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=17 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36397 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=59941 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=903 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36399 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=46670 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=458 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36407 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=50458 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5877 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36404 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=56634 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone 
cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1117 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36391 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=54377 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8093 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36401 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=37323 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=311 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36400 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=38573 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule 
cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=9090 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934855000 externalId=42201 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=33973 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1046 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934855000 externalId=37527 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=37498 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=2190 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36418 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=33385 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy 
cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8099 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934855000 externalId=42203 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=57765 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1108 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934855000 externalId=42208 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=58259 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=3300 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36419 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=40151 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=3367 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934855000 externalId=37523 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=44074 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=3001 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934855000 externalId=37533 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=54756 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5221 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934855000 externalId=37532 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=57072 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=6059 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36421 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=60818 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=14238 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934855000 externalId=42210 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=35601 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1594 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36426 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=46001 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8022 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934856000 externalId=42227 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934826000 spt=49734 src=192.168.0.109 start=1645934826000 suser=No Authentication Required +<13>Mar 04 20:50:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=49165 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934856000 externalId=42228 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934826000 spt=41557 src=192.168.0.109 start=1645934826000 suser=No Authentication Required +<13>Mar 04 20:50:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8009 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934856000 externalId=37535 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=49767 src=192.168.0.109 start=1645934825000 suser=No Authentication Required 
+<13>Mar 04 20:50:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=7402 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36432 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=34013 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=3689 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934856000 externalId=37541 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934826000 spt=45804 src=192.168.0.109 start=1645934826000 suser=No Authentication Required +<13>Mar 04 20:50:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=10180 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934856000 externalId=37536 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=49305 src=192.168.0.109 start=1645934825000 
suser=No Authentication Required +<13>Mar 04 20:50:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=7103 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36425 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=54282 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=6389 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36431 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=57631 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1583 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934856000 externalId=37538 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=47452 
src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1972 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934856000 externalId=42233 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934826000 spt=47675 src=192.168.0.109 start=1645934826000 suser=No Authentication Required +<13>Mar 04 20:50:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=2038 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934856000 externalId=36439 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=36761 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1044 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934856000 externalId=37550 proto=6 reason=N/A requestClientApplication=Unknown 
rt=1645934826000 spt=58727 src=192.168.0.109 start=1645934826000 suser=No Authentication Required +<13>Mar 04 20:50:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1277 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934856000 externalId=37548 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934826000 spt=49656 src=192.168.0.109 start=1645934826000 suser=No Authentication Required +<13>Mar 04 20:50:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5009 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934856000 externalId=36443 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934826000 spt=52146 src=192.168.0.109 start=1645934826000 suser=No Authentication Required +<13>Mar 04 20:50:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1248 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934856000 externalId=37555 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934826000 spt=51621 src=192.168.0.109 start=1645934826000 suser=No Authentication Required +<13>Mar 04 20:50:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=14000 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934856000 externalId=37554 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934826000 spt=48621 src=192.168.0.109 start=1645934826000 suser=No Authentication Required +<13>Mar 04 20:50:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=3851 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934856000 externalId=36447 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934826000 spt=34803 src=192.168.0.109 start=1645934826000 suser=No Authentication Required +<13>Mar 04 20:50:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=3372 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934856000 
externalId=37556 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934826000 spt=51474 src=192.168.0.109 start=1645934826000 suser=No Authentication Required +<13>Mar 04 20:50:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5214 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934856000 externalId=42232 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934826000 spt=58192 src=192.168.0.109 start=1645934826000 suser=No Authentication Required +<13>Mar 04 20:50:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=63331 dst=192.168.0.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934855000 externalId=36433 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934825000 spt=56809 src=192.168.0.109 start=1645934825000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=981 dst=192.168.0.1 dvchost=CSTA-vFTD-Production 
dvcpid=1 end=1645934856000 externalId=36453 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934826000 spt=37344 src=192.168.0.109 start=1645934826000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=366 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931263000 externalId=31633 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931263000 spt=40001 src=111.221.74.29 start=1645931263000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=415 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40012 dst=111.221.74.29 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931263000 externalId=31634 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931263000 spt=34862 src=10.1.183.61 start=1645931263000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=192.48.105.15 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42246 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934859000 spt=123 src=10.180.10.102 start=1645934859000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=159.203.82.102 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931310000 externalId=31642 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931310000 spt=123 src=10.180.10.102 start=1645931310000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=31461 dst=114.38.85.46 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931256000 externalId=37560 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931256000 spt=59370 src=10.1.4.251 start=1645931256000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=91.189.91.157 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36480 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934859000 spt=123 src=10.180.10.102 start=1645934859000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=91.189.91.157 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934530000 externalId=36105 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934530000 spt=123 src=10.180.10.102 start=1645934530000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=327 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931345000 externalId=31645 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931345000 spt=40868 src=10.1.141.107 start=1645931345000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931352000 externalId=31648 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931352000 spt=49793 src=87.236.23.243 start=1645931352000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=45.79.88.193 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931352000 externalId=31649 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931352000 spt=123 src=10.180.10.102 start=1645931352000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=tag.contextweb.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931355000 externalId=31655 proto=17 reason=N/A requestClientApplication=DNS rt=1645931355000 spt=51770 src=172.16.1.126 start=1645931355000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931263000 externalId=37565 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931263000 spt=40016 src=111.221.74.29 start=1645931263000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=140 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=tag.contextweb.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931355000 externalId=31654 proto=17 reason=N/A requestClientApplication=DNS rt=1645931355000 spt=51769 src=172.16.1.126 start=1645931355000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=371 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40001 dst=111.221.74.29 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931263000 externalId=37564 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931263000 spt=34862 src=10.1.183.61 start=1645931263000 suser=No Authentication Required +<13>Mar 04 20:50:08 
splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42247 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934865000 spt=56897 src=69.159.59.212 start=1645934865000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=56897 dst=69.159.59.212 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37569 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934865000 spt=59370 src=10.1.164.165 start=1645934865000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36482 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934866000 spt=20177 src=95.19.65.246 start=1645934866000 suser=No Authentication 
Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645933251000 externalId=34650 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645933251000 spt=20177 src=95.19.65.246 start=1645933251000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=20177 dst=95.19.65.246 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36481 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934866000 spt=59370 src=10.1.170.113 start=1645934866000 suser=No Authentication Required +<13>Mar 04 20:50:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=83.169.59.64 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931266000 externalId=37566 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931266000 
spt=49818 src=10.1.51.72 start=1645931266000 suser=No Authentication Required +<13>Mar 04 20:50:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=83.169.59.64 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931266000 externalId=32750 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931266000 spt=49815 src=10.1.51.72 start=1645931266000 suser=No Authentication Required +<13>Mar 04 20:50:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-dgm bytesOut=243 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=138 dst=172.16.133.255 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931274000 externalId=32757 proto=17 reason=N/A requestClientApplication=NetBIOS-dgm rt=1645931274000 spt=138 src=10.1.33.152 start=1645931274000 suser=No Authentication Required +<13>Mar 04 20:50:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=49793 dst=87.236.23.243 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931352000 
externalId=32765 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931352000 spt=59370 src=10.1.106.110 start=1645931352000 suser=No Authentication Required +<13>Mar 04 20:50:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=21316 dst=2.235.115.123 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645932633000 externalId=33888 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645932633000 spt=59370 src=10.0.0.46 start=1645932633000 suser=No Authentication Required +<13>Mar 04 20:50:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=21316 dst=2.235.115.123 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37571 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934868000 spt=59370 src=10.0.0.46 start=1645934868000 suser=No Authentication Required +<13>Mar 04 20:50:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 
dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37572 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934868000 spt=21316 src=10.1.12.8 start=1645934868000 suser=No Authentication Required +<13>Mar 04 20:50:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=108.61.73.244 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931287000 externalId=37570 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931287000 spt=123 src=10.180.10.102 start=1645931287000 suser=No Authentication Required +<13>Mar 04 20:50:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40868 dst=5.20.206.175 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931345000 externalId=37572 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931345000 spt=59370 src=10.0.0.46 start=1645931345000 suser=No Authentication Required +<13>Mar 04 20:50:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=66.151.158.187 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36483 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934869000 spt=57929 src=172.16.133.92 start=1645934869000 suser=No Authentication Required +<13>Mar 04 20:50:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=tag.contextweb.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931355000 externalId=37579 proto=17 reason=N/A requestClientApplication=DNS rt=1645931355000 spt=51771 src=172.16.1.126 start=1645931355000 suser=No Authentication Required +<13>Mar 04 20:50:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=77 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=serve.tagcade.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931355000 externalId=37578 proto=17 reason=N/A requestClientApplication=DNS rt=1645931355000 spt=51768 src=172.16.1.126 start=1645931355000 suser=No Authentication Required +<13>Mar 04 20:50:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=92 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory destinationDnsDomain=tags.tagcade.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51767 dst=172.16.1.126 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931355000 externalId=37577 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931355000 spt=53 src=8.8.8.8 start=1645931355000 suser=No Authentication Required +<13>Mar 04 20:50:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=140 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=tag.contextweb.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931355000 externalId=37580 proto=17 reason=N/A requestClientApplication=DNS rt=1645931355000 spt=51772 src=172.16.1.126 start=1645931355000 suser=No Authentication Required +<13>Mar 04 20:50:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.96.155.131 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42249 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934870000 spt=49597 src=10.1.154.139 start=1645934870000 suser=No Authentication Required +<13>Mar 04 20:50:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.15.4.8 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934458000 externalId=41774 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934458000 spt=49199 src=192.168.122.200 start=1645934458000 suser=No Authentication Required +<13>Mar 04 20:50:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=54 bytesOut=285 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.15.4.8 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42250 proto=6 reason=N/A request=https://fbstatic-a.akamaihd.net requestClientApplication=SSL client rt=1645934871000 spt=49199 src=192.168.122.200 start=1645934871000 suser=No Authentication Required +<13>Mar 04 20:50:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=165 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.15.4.8 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934871000 externalId=36022 proto=6 reason=N/A request=https://fbstatic-a.akamaihd.net requestClientApplication=SSL client rt=1645934458000 spt=49197 src=192.168.122.200 start=1645934458000 suser=No Authentication 
Required +<13>Mar 04 20:50:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.49.250.242 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37574 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934872000 spt=51029 src=172.16.1.141 start=1645934872000 suser=No Authentication Required +<13>Mar 04 20:50:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=140 bytesOut=272 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.49.250.242 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934872000 externalId=37574 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934872000 spt=51029 src=172.16.1.141 start=1645934872000 suser=No Authentication Required +<13>Mar 04 20:50:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=946 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40027 dst=157.56.52.27 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934876000 externalId=37578 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934876000 
spt=34862 src=10.1.217.116 start=1645934876000 suser=No Authentication Required +<13>Mar 04 20:50:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=59 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934385000 externalId=41576 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934385000 spt=40027 src=157.56.52.27 start=1645934385000 suser=No Authentication Required +<13>Mar 04 20:50:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=473 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40027 dst=157.56.52.27 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37578 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934876000 spt=34862 src=10.1.217.116 start=1645934876000 suser=No Authentication Required +<13>Mar 04 20:50:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=208.82.238.146 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934876000 externalId=36474 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934846000 spt=49230 src=10.180.10.102 start=1645934846000 suser=No Authentication Required +<13>Mar 04 20:50:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=59 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42253 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934876000 spt=40027 src=157.56.52.27 start=1645934876000 suser=No Authentication Required +<13>Mar 04 20:50:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.85.219.126 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934878000 externalId=36475 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934848000 spt=60933 src=10.1.142.107 start=1645934848000 suser=No Authentication Required +<13>Mar 04 20:50:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.85.219.126 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934878000 externalId=36477 
proto=6 reason=N/A requestClientApplication=Unknown rt=1645934848000 spt=60951 src=10.1.142.107 start=1645934848000 suser=No Authentication Required +<13>Mar 04 20:50:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.85.219.126 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934878000 externalId=37565 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934848000 spt=60952 src=10.1.142.107 start=1645934848000 suser=No Authentication Required +<13>Mar 04 20:50:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.192.42.179 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42254 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934879000 spt=50175 src=10.1.106.109 start=1645934879000 suser=No Authentication Required +<13>Mar 04 20:50:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=104.194.8.227 dvchost=CSTA-vFTD-Production 
dvcpid=2 end=1645933964000 externalId=40915 proto=17 reason=N/A requestClientApplication=NTP client rt=1645933964000 spt=123 src=10.180.10.102 start=1645933964000 suser=No Authentication Required +<13>Mar 04 20:50:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=8.27.243.253 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37580 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934880000 spt=65034 src=172.16.133.128 start=1645934880000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=104.194.8.227 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42256 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934880000 spt=123 src=10.180.10.102 start=1645934880000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 
dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36487 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934881000 spt=40033 src=65.55.223.27 start=1645934881000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42258 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934881000 spt=40005 src=65.55.223.27 start=1645934881000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=692 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42260 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934881000 spt=40017 src=65.55.223.27 start=1645934881000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
dpt=40005 dst=65.55.223.27 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42257 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934881000 spt=34862 src=10.1.72.248 start=1645934881000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40033 dst=65.55.223.27 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36486 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934881000 spt=34862 src=10.1.72.248 start=1645934881000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40005 dst=65.55.223.27 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934881000 externalId=42257 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934881000 spt=34862 src=10.1.72.248 start=1645934881000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=83 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40017 dst=65.55.223.27 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42259 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934881000 spt=34862 src=10.1.72.248 start=1645934881000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=473 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40027 dst=65.55.223.27 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36488 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934881000 spt=34862 src=10.1.72.248 start=1645934881000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=62 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=72.21.211.12 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37581 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934882000 spt=65293 src=10.1.69.57 start=1645934882000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37582 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934884000 spt=53782 src=10.1.41.141 start=1645934884000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37583 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934884000 spt=53783 src=10.1.41.141 start=1645934884000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42262 proto=17 reason=N/A request=https://t0.gstatic.com requestClientApplication=QUIC client rt=1645934884000 spt=59397 src=10.1.41.141 start=1645934884000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36490 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934884000 spt=53781 src=10.1.41.141 start=1645934884000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=313 bytesOut=873 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934884000 externalId=36490 proto=6 reason=N/A request=https://t0.gstatic.com requestClientApplication=SSL client rt=1645934884000 spt=53781 src=10.1.41.141 start=1645934884000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=186 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37585 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934884000 spt=54191 src=10.1.41.141 start=1645934884000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=228 bytesOut=717 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934884000 externalId=37582 proto=6 reason=N/A request=https://t0.gstatic.com requestClientApplication=SSL client rt=1645934884000 spt=53782 src=10.1.41.141 start=1645934884000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=186 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37584 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934884000 spt=54190 src=10.1.41.141 start=1645934884000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42263 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934885000 spt=54385 src=10.1.41.141 start=1645934885000 suser=No Authentication Required +<13>Mar 04 20:50:11 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=4771 bytesOut=486 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934885000 externalId=37585 proto=6 reason=N/A request=https://t3.gstatic.com requestClientApplication=SSL client rt=1645934884000 spt=54191 src=10.1.41.141 start=1645934884000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=166 bytesOut=294 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934884000 externalId=37584 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934884000 spt=54190 src=10.1.41.141 start=1645934884000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37586 proto=17 reason=N/A request=https://t3.gstatic.com 
requestClientApplication=QUIC client rt=1645934885000 spt=58609 src=10.1.41.141 start=1645934885000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36491 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934885000 spt=54484 src=10.1.41.141 start=1645934885000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=166 bytesOut=170 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934885000 externalId=42263 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934885000 spt=54385 src=10.1.41.141 start=1645934885000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 
dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37587 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934886000 spt=54539 src=10.1.41.141 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42264 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934886000 spt=54628 src=10.1.41.141 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42266 proto=17 reason=N/A request=https://t2.gstatic.com requestClientApplication=QUIC client rt=1645934886000 spt=54801 src=10.1.41.141 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=4769 bytesOut=486 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934886000 externalId=42264 proto=6 reason=N/A request=https://t2.gstatic.com requestClientApplication=SSL client rt=1645934886000 spt=54628 src=10.1.41.141 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36493 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934886000 spt=54540 src=10.1.41.141 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=4771 bytesOut=486 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934886000 externalId=37587 proto=6 reason=N/A request=https://t0.gstatic.com requestClientApplication=SSL client rt=1645934886000 spt=54539 src=10.1.41.141 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=4855 bytesOut=642 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934886000 externalId=36491 proto=6 reason=N/A request=https://t3.gstatic.com requestClientApplication=SSL client rt=1645934885000 spt=54484 src=10.1.41.141 start=1645934885000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=4770 bytesOut=486 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934886000 externalId=36492 proto=6 reason=N/A request=https://t0.gstatic.com requestClientApplication=SSL client rt=1645934886000 spt=54538 src=10.1.41.141 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36494 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934886000 spt=54541 src=10.1.41.141 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36492 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934886000 spt=54538 src=10.1.41.141 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1352 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.217.253.90 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934886000 externalId=41465 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934284000 spt=49286 src=172.16.45.52 start=1645934284000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42265 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934886000 spt=54787 src=10.1.41.141 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=4770 bytesOut=486 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934886000 externalId=36494 proto=6 reason=N/A request=https://t0.gstatic.com requestClientApplication=SSL client rt=1645934886000 spt=54541 src=10.1.41.141 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=114 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=1.courier-sandbox-push-apple.com.akadns.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=193.108.88.128 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42267 proto=17 reason=N/A requestClientApplication=DNS rt=1645934886000 spt=62435 src=10.1.38.98 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=95 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=1.courier-push-apple.com.akadns.net deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=193.108.88.128 dvchost=CSTA-vFTD-Production dvcpid=2 
externalId=42268 proto=17 reason=N/A requestClientApplication=DNS rt=1645934886000 spt=63102 src=10.1.38.98 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=139 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=1.courier-push-apple.com.akadns.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63102 dst=10.1.38.98 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42269 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934886000 spt=53 src=193.108.88.128 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=166 bytesOut=170 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934886000 externalId=36493 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934886000 spt=54540 src=10.1.41.141 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=95 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=1.courier-push-apple.com.akadns.net deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=193.108.88.128 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934886000 externalId=42268 proto=17 reason=N/A requestClientApplication=DNS rt=1645934886000 spt=63102 src=10.1.38.98 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=160 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=1.courier-sandbox-push-apple.com.akadns.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=62435 dst=10.1.38.98 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42270 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934886000 spt=53 src=193.108.88.128 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=100 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=mesu-cdn.apple.com.akadns.net deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=193.108.88.128 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36496 proto=17 reason=N/A requestClientApplication=DNS rt=1645934886000 spt=63252 src=10.1.38.98 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=100 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy 
cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www-cdn.icloud.com.akadns.net deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=193.108.88.128 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42271 proto=17 reason=N/A requestClientApplication=DNS rt=1645934886000 spt=62909 src=10.1.38.98 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=114 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=1.courier-sandbox-push-apple.com.akadns.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=193.108.88.128 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934886000 externalId=42267 proto=17 reason=N/A requestClientApplication=DNS rt=1645934886000 spt=62435 src=10.1.38.98 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=100 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=mesu-cdn.apple.com.akadns.net deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=193.108.88.128 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934886000 externalId=36496 proto=17 reason=N/A requestClientApplication=DNS rt=1645934886000 spt=63252 src=10.1.38.98 start=1645934886000 suser=No 
Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=136 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=mesu-cdn.apple.com.akadns.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63252 dst=10.1.38.98 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36497 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934886000 spt=53 src=193.108.88.128 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36498 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934887000 spt=54936 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37588 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934887000 spt=54937 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=4771 bytesOut=486 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934887000 externalId=37588 proto=6 reason=N/A request=https://t2.gstatic.com requestClientApplication=SSL client rt=1645934887000 spt=54937 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=313 bytesOut=873 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934887000 externalId=42265 proto=6 reason=N/A request=https://t2.gstatic.com requestClientApplication=SSL client rt=1645934886000 spt=54787 src=10.1.41.141 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37589 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934887000 spt=55025 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=124 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42272 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934887000 spt=54981 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=124 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42273 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934887000 spt=54985 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=166 bytesOut=170 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934887000 externalId=36498 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934887000 spt=54936 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=124 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36501 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934887000 spt=54984 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=4771 bytesOut=486 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934887000 externalId=42272 proto=6 reason=N/A request=https://t3.gstatic.com requestClientApplication=SSL client rt=1645934887000 spt=54981 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=62 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=72.21.211.12 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37591 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934887000 spt=65298 src=10.1.69.57 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=124 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36500 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934887000 spt=54983 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=124 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36499 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934887000 spt=54982 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=112 bytesOut=286 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934887000 externalId=36499 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934887000 spt=54982 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42274 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934887000 spt=55022 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42276 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934887000 spt=55026 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown bytesIn=166 bytesOut=232 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934887000 externalId=42273 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934887000 spt=54985 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=4771 bytesOut=486 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934887000 externalId=36500 proto=6 reason=N/A request=https://t2.gstatic.com requestClientApplication=SSL client rt=1645934887000 spt=54983 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=4824 bytesOut=486 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934887000 externalId=42276 proto=6 reason=N/A request=https://t2.gstatic.com requestClientApplication=SSL client 
rt=1645934887000 spt=55026 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=4770 bytesOut=486 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934887000 externalId=36501 proto=6 reason=N/A request=https://t2.gstatic.com requestClientApplication=SSL client rt=1645934887000 spt=54984 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=283 bytesOut=717 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934887000 externalId=42274 proto=6 reason=N/A request=https://t0.gstatic.com requestClientApplication=SSL client rt=1645934887000 spt=55022 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=74 bytesOut=140 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.112.8 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934888000 externalId=36503 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645934888000 spt=38391 src=10.1.160.29 start=1645934888000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=72.21.211.12 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934888000 externalId=37591 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934887000 spt=65298 src=10.1.69.57 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.112.8 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36503 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934888000 spt=38391 src=10.1.160.29 start=1645934888000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:13719|SERVER-ORACLE database username buffer overflow|7|act=Blocked app=Unknown cat=A Suspicious String was Detected cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=13719 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.112.8 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56253 proto=TCP requestClientApplication=Unknown rt=1645934888000 spt=38391 src=10.1.160.29 start=1645934888000 suser=No Authentication Required +<<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.48.121.18 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36504 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934889000 spt=49591 src=10.1.208.231 start=1645934889000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36507 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934890000 spt=16665 src=177.139.17.17 start=1645934890000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=16665 dst=177.139.17.17 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42277 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934890000 spt=59370 src=10.1.56.241 start=1645934890000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=ICMP bytesOut=98 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dst=10.2.12.30 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934891000 externalId=37593 proto=1 reason=Intrusion Block requestClientApplication=ICMP client rt=1645934891000 spt=8 src=10.1.143.52 start=1645934891000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=ICMP bytesOut=98 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dst=10.2.12.30 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37593 proto=1 reason=N/A requestClientApplication=ICMP client rt=1645934891000 spt=8 src=10.1.143.52 start=1645934891000 suser=No Authentication Required +<13>Mar 04 20:50:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=67.217.67.129 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37594 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934892000 spt=50909 src=172.16.133.75 start=1645934892000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=67.217.67.129 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36510 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934892000 spt=50907 src=172.16.133.75 start=1645934892000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=67.217.67.129 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36511 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934892000 spt=50908 src=172.16.133.75 start=1645934892000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=BitTorrent bytesOut=107 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=85.87.241.113 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36509 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934892000 spt=59370 src=10.1.100.29 start=1645934892000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:29456|PROTOCOL-ICMP Unusual PING detected|6|act=Blocked app=ICMP cat=Known malicious file or file based exploit cn1Label=vlan cn2=2 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=29456 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dst=10.2.12.30 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187710 proto=ICMP requestClientApplication=ICMP client rt=1645934891000 spt=8 src=10.1.143.52 start=1645934891000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1460 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.167.239.239 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934893000 externalId=41478 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934291000 spt=61317 
src=10.1.160.129 start=1645934291000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=72 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36512 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934893000 spt=40501 src=60.250.189.163 start=1645934893000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=316 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40501 dst=60.250.189.163 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934893000 externalId=37595 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934893000 spt=59370 src=10.1.192.146 start=1645934893000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40501 dst=60.250.189.163 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37595 proto=17 reason=N/A 
requestClientApplication=BitTorrent rt=1645934893000 spt=59370 src=10.1.192.146 start=1645934893000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=72 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934893000 externalId=36512 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934893000 spt=40501 src=60.250.189.163 start=1645934893000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=62 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=66.235.141.144 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37598 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934896000 spt=51265 src=10.1.191.123 start=1645934896000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=202.93.17.181 
dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36516 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934896000 spt=49352 src=10.1.88.81 start=1645934896000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=2.21.111.132 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934897000 externalId=37570 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934867000 spt=50549 src=10.0.2.15 start=1645934867000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42281 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934897000 spt=48228 src=80.99.193.225 start=1645934897000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
dpt=48228 dst=80.99.193.225 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37599 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934897000 spt=59370 src=10.1.88.200 start=1645934897000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=66.151.158.187 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934899000 externalId=36483 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934869000 spt=57929 src=172.16.133.92 start=1645934869000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=66.151.158.187 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934899000 externalId=42248 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934869000 spt=57923 src=172.16.133.92 start=1645934869000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8014 dst=172.16.128.169 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42284 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934900000 spt=53854 src=172.16.133.63 start=1645934900000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=1798 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.15.4.8 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934901000 externalId=42250 proto=6 reason=N/A request=https://fbstatic-a.akamaihd.net requestClientApplication=SSL client rt=1645934871000 spt=49199 src=192.168.122.200 start=1645934871000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.23.134.18 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42285 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934901000 spt=60202 src=10.1.249.191 start=1645934901000 suser=No Authentication Required +<13>Mar 04 20:50:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.87.174.85 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934904000 externalId=42252 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934873000 spt=49437 src=172.16.3.122 start=1645934873000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.87.174.85 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934904000 externalId=37575 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934873000 spt=49438 src=172.16.3.122 start=1645934873000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=91 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=ns-656.awsdns-18.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=205.251.197.82 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37606 proto=17 reason=N/A requestClientApplication=DNS rt=1645934903000 spt=62757 src=10.1.198.125 start=1645934903000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule 
cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=212.58.244.27 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42289 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934904000 spt=55664 src=10.1.117.207 start=1645934904000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=212.58.244.27 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42288 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934904000 spt=55663 src=10.1.117.207 start=1645934904000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.244.43.12 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934905000 externalId=37607 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934904000 spt=51139 src=10.1.4.115 start=1645934904000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2117 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy 
cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=13.94.40.40 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934905000 externalId=37577 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934875000 spt=49344 src=10.1.90.77 start=1645934875000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=64.233.166.95 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37608 proto=17 reason=N/A request=https://fonts.googleapis.com requestClientApplication=QUIC client rt=1645934905000 spt=49864 src=10.1.208.72 start=1645934905000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=BitTorrent bytesOut=146 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=61137 dst=95.109.102.71 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934906000 externalId=42291 proto=17 reason=Intrusion Block requestClientApplication=BitTorrent rt=1645934906000 spt=63448 src=10.1.51.232 start=1645934906000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=BitTorrent bytesOut=357 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63448 dst=10.0.0.201 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36528 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934906000 spt=61137 src=95.109.102.71 start=1645934906000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=27060 dst=139.153.145.214 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36529 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934907000 spt=51622 src=10.1.92.151 start=1645934907000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=146 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=61137 dst=95.109.102.71 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42291 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934906000 spt=63448 src=10.1.51.232 start=1645934906000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:16282|PUA-P2P Bittorrent uTP peer request|7|act=Blocked app=BitTorrent cat=Misc Activity cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=16282 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=61137 dst=95.109.102.71 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122005 proto=UDP requestClientApplication=BitTorrent rt=1645934906000 spt=63448 src=10.1.51.232 start=1645934906000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= p*d1:ad2:id20:oyHLlJwj9:info_hash20:oyHLlGH e1:q9:get_peers1:t2: _1:v4:LT 1:y1:qe cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=122005 rt=1645934906000 start=1645934906000 +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=64 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=27060 dst=139.153.145.214 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37610 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934907000 spt=34862 src=10.1.92.151 start=1645934907000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=692 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934881000 externalId=42260 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934881000 spt=40017 src=65.55.223.27 start=1645934881000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=946 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40027 dst=65.55.223.27 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934881000 externalId=36488 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934881000 spt=34862 src=10.1.72.248 start=1645934881000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=473 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40027 dst=65.55.223.27 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36531 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934908000 spt=34862 src=10.1.72.248 start=1645934908000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=124 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone 
cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934908000 externalId=42258 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934881000 spt=40005 src=65.55.223.27 start=1645934881000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=59 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36532 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934908000 spt=40027 src=65.55.223.27 start=1645934908000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42294 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934908000 spt=40005 src=65.55.223.27 start=1645934908000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=166 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule 
cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40017 dst=65.55.223.27 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934908000 externalId=42259 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934881000 spt=34862 src=10.1.72.248 start=1645934881000 suser=No Authentication Required +<13>Mar 04 20:50:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40033 dst=65.55.223.27 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36533 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934908000 spt=34862 src=10.1.72.248 start=1645934908000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=150 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40033 dst=65.55.223.27 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934908000 externalId=36486 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934881000 spt=34862 src=10.1.72.248 start=1645934881000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=692 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42293 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934908000 spt=40017 src=65.55.223.27 start=1645934908000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=83 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40017 dst=65.55.223.27 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42295 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934908000 spt=34862 src=10.1.72.248 start=1645934908000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.192.42.179 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934909000 externalId=42255 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934879000 spt=50176 src=10.1.106.109 start=1645934879000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=64.158.223.140 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42297 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934909000 spt=50646 src=10.1.222.146 start=1645934909000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=64.158.223.140 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37612 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934909000 spt=50644 src=10.1.222.146 start=1645934909000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=67.217.67.129 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36534 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934910000 spt=50907 src=172.16.133.75 start=1645934910000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=67.217.67.129 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42300 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934910000 spt=50913 src=172.16.133.75 start=1645934910000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=1514 bytesOut=320 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=67.217.67.129 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36535 proto=6 reason=N/A request=https://download.citrixonline.com requestClientApplication=SSL client rt=1645934910000 spt=50908 src=172.16.133.75 start=1645934910000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=4557 bytesOut=374 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=67.217.67.129 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934892000 externalId=36510 proto=6 reason=N/A request=https://download.citrixonline.com requestClientApplication=SSL client rt=1645934892000 
spt=50907 src=172.16.133.75 start=1645934892000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=3086 bytesOut=374 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=67.217.67.129 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934892000 externalId=36511 proto=6 reason=N/A request=https://download.citrixonline.com requestClientApplication=SSL client rt=1645934892000 spt=50908 src=172.16.133.75 start=1645934892000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=67.217.67.129 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934911000 externalId=42300 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934910000 spt=50913 src=172.16.133.75 start=1645934910000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.6.143.25 dvchost=CSTA-vFTD-Production dvcpid=1 
end=1645934911000 externalId=36485 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934881000 spt=39572 src=10.180.10.102 start=1645934881000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=308 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36538 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934912000 spt=16001 src=27.184.198.226 start=1645934912000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=14824 bytesOut=1639 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.6.129 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934912000 externalId=36814 proto=6 reason=N/A request=https://geo2.ggpht.com requestClientApplication=SSL client rt=1645934259000 spt=49494 src=10.1.170.168 start=1645934259000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=16001 dst=27.184.198.226 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42302 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934912000 spt=59370 src=10.1.132.101 start=1645934912000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8014 dst=172.16.128.169 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42303 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934913000 spt=53793 src=172.16.133.66 start=1645934913000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=13449 dst=94.225.140.21 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934913000 externalId=36489 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934883000 spt=51881 src=10.1.181.226 start=1645934883000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|FileMalware:502:1|File Malware Event|0.0|act=Malware Cloud Lookup app=HTTP cs1=46e17ba8-857c-11ec-b668-b2a41043302a cs1Label=filePolicy cs2=Unknown cs2Label=disposition cs3=Spero detection not performed on file cs3Label=speroDisposition deviceDirection=1 deviceExternalId=1 dpt=8014 
dst=172.16.128.169 dvchost=CSTA-vFTD-Production dvcpid=2 fileHash=b'd6ce53bb152948f8378eea4300e89b0bbafb463871904927d00bec81a0626e2a' fileType=GZ fname=secars.dll fsize=1905 proto=6 request="/secars/secars.dll?h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requestClientApplication=Web browser rt=1645934914000 spt=53793 src=172.16.133.66 start=1645934913000 suser=No Authentication Required +<13>Mar 04 20:50:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.72.80.160 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37615 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934914000 spt=58577 src=10.1.25.212 start=1645934914000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=188.40.142.18 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36543 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934915000 spt=123 src=10.180.10.102 start=1645934915000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone 
cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.169.170.156 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36541 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934915000 spt=52474 src=10.1.9.27 start=1645934915000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.169.170.156 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36542 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934915000 spt=52476 src=10.1.9.27 start=1645934915000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.169.170.156 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36540 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934915000 spt=60865 src=10.1.9.27 start=1645934915000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=174 bytesOut=1113 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.169.170.156 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934915000 externalId=36541 proto=6 reason=N/A request="http://match.adsrvr.org/track/cmf/rightmedia?ttd_tpi=1&xid=L_z4.0.E_y1.qMZGv0az5QV9" requestClientApplication=Chrome rt=1645934915000 spt=52474 src=10.1.9.27 start=1645934915000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.195.155 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36544 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934915000 spt=50342 src=192.168.1.95 start=1645934915000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.6.231.20 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934916000 externalId=36495 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934886000 spt=60544 src=10.180.10.102 start=1645934886000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934917000 externalId=42275 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934887000 spt=55024 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934917000 externalId=37590 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934887000 spt=55027 src=10.1.41.141 start=1645934887000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.17 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934917000 externalId=36502 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934887000 spt=55023 src=10.1.41.141 start=1645934887000 suser=No Authentication Required 
+<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=BitTorrent bytesOut=146 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=18374 dst=2.10.249.37 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934918000 externalId=36547 proto=17 reason=Intrusion Block requestClientApplication=BitTorrent rt=1645934918000 spt=63448 src=10.0.0.201 start=1645934918000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=213.155.158.113 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37619 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934918000 spt=49392 src=10.1.150.179 start=1645934918000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=146 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=18374 dst=2.10.249.37 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36547 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934918000 spt=63448 
src=10.0.0.201 start=1645934918000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=352 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63448 dst=10.0.0.201 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37620 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934918000 spt=18374 src=10.1.79.212 start=1645934918000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=213.155.158.113 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36548 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934918000 spt=49393 src=10.1.150.179 start=1645934918000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:16282|PUA-P2P Bittorrent uTP peer request|7|act=Blocked app=BitTorrent cat=Misc Activity cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=16282 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=18374 dst=2.10.249.37 
dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56254 proto=UDP requestClientApplication=BitTorrent rt=1645934918000 spt=63448 src=10.0.0.201 start=1645934918000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1=G p[d1:ad2:id20:oyHLlJwj9:info_hash20:iet6-37e1:q9:get_peers1:t2:1:v4:LT 1:y1:qe cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=56254 rt=1645934918000 start=1645934918000 +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=185.216.231.84 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645932628000 externalId=32424 proto=17 reason=N/A requestClientApplication=NTP client rt=1645932628000 spt=123 src=10.180.10.102 start=1645932628000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=34.238.2.121 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934919000 externalId=36506 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934889000 spt=53703 src=172.16.1.141 start=1645934889000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=34.238.2.121 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934919000 externalId=36505 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934889000 spt=53702 src=172.16.1.141 start=1645934889000 suser=No Authentication Required +<13>Mar 04 20:50:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=185.216.231.84 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36550 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934919000 spt=123 src=10.180.10.102 start=1645934919000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=192.237.225.117 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36551 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934919000 spt=59014 src=10.1.150.135 start=1645934919000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8944 dst=141.51.87.68 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934920000 externalId=37592 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934890000 spt=53921 src=10.1.47.36 start=1645934890000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.6.143.26 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934921000 externalId=36508 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934891000 spt=57472 src=10.180.10.102 start=1645934891000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=176.34.123.210 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37624 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934922000 spt=52453 src=10.1.48.18 start=1645934922000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=85.87.241.113 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934922000 externalId=42278 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934892000 spt=43759 src=10.1.100.29 start=1645934892000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=5696 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.246.81.219 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934924000 externalId=37597 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934894000 spt=49827 src=10.1.119.110 start=1645934894000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=5680 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.246.81.219 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934924000 externalId=42287 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934902000 spt=49992 src=10.1.119.110 start=1645934902000 suser=No Authentication Required +<13>Mar 04 20:50:19 
splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=HTTPS bytesIn=74 bytesOut=391 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.43.0 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934925000 externalId=42311 proto=6 reason=Intrusion Block request=https://plus.google.com requestClientApplication=SSL client rt=1645934925000 spt=57543 src=10.1.217.208 start=1645934925000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=91.194.248.3 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934925000 externalId=42280 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934895000 spt=49267 src=172.17.1.129 start=1645934895000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=587 dst=91.194.248.3 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934925000 externalId=36514 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934895000 spt=49689 
src=172.17.1.129 start=1645934895000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=216.229.0.49 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645932693000 externalId=39885 proto=17 reason=N/A requestClientApplication=NTP client rt=1645932693000 spt=123 src=10.180.10.102 start=1645932693000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=216.229.0.49 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42309 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934925000 spt=123 src=10.180.10.102 start=1645934925000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=91.189.89.199 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934463000 externalId=41793 proto=17 reason=N/A 
requestClientApplication=NTP client rt=1645934463000 spt=123 src=10.180.10.102 start=1645934463000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=91.189.89.199 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42308 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934925000 spt=123 src=10.180.10.102 start=1645934925000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.43.0 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42311 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934925000 spt=57543 src=10.1.217.208 start=1645934925000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=156 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.43.0 dvchost=CSTA-vFTD-Production dvcpid=2 
externalId=42310 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934925000 spt=57542 src=10.1.217.208 start=1645934925000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=BitTorrent bytesOut=146 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40164 dst=189.68.212.58 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934926000 externalId=37628 proto=17 reason=Intrusion Block requestClientApplication=BitTorrent rt=1645934926000 spt=63448 src=10.1.22.234 start=1645934926000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:37913|POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt|7|act=Blocked app=HTTPS cat=Misc Activity cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=37913 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=57543 dst=10.1.217.208 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122006 proto=TCP requestClientApplication=SSL client rt=1645934925000 spt=443 src=173.194.43.0 start=1645934925000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:16282|PUA-P2P Bittorrent uTP peer request|8|act=Blocked app=BitTorrent cat=Misc Activity cn1Label=vlan cn2=4 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=16282 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40164 dst=189.68.212.58 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187711 proto=UDP requestClientApplication=BitTorrent rt=1645934926000 spt=63448 src=10.1.22.234 start=1645934926000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1="  P  ` \\Q-1lI=(6QEFsP a 4     # 3t spdy/3spdy/2http/1.1uO " cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=122006 rt=1645934925000 start=1645934925000 +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= pSd1:ad2:id20:oyHLlJwj9:info_hash20:lX\|\\xP5e1:q9:get_peers1:t2:1:v4:LT 1:y1:qe cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=187711 rt=1645934926000 start=1645934926000 +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.28.9.93 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37630 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934927000 spt=49182 src=192.168.137.56 start=1645934927000 suser=No Authentication Required +<13>Mar 04 20:50:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=359 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63448 dst=10.0.0.201 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36554 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934926000 spt=40164 src=189.68.212.58 start=1645934926000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=146 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40164 dst=189.68.212.58 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37628 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934926000 spt=63448 src=10.1.22.234 start=1645934926000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.6.231.21 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934926000 externalId=36515 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934896000 spt=38310 src=10.180.10.102 start=1645934896000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.214.132.245 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934927000 externalId=37600 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934897000 spt=54712 src=10.1.46.43 start=1645934897000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.214.132.245 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934928000 externalId=37601 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934898000 spt=55309 src=10.1.46.43 start=1645934898000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.214.132.245 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934927000 externalId=42282 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934897000 spt=54718 src=10.1.46.43 start=1645934897000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.214.132.245 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934928000 externalId=36517 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934898000 spt=55312 src=10.1.46.43 start=1645934898000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.214.132.245 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934928000 externalId=42283 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934898000 spt=55307 src=10.1.46.43 start=1645934898000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=5492 bytesOut=1795 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.32.181.109 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934928000 externalId=34601 proto=6 reason=N/A requestClientApplication=Safari rt=1645932953000 spt=38365 src=172.16.133.132 start=1645932953000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:119:201|(http_inspect) not HTTP traffic or unrecoverable HTTP protocol error|2|act=Blocked app=HTTP cat=A Client was Using an Unusual Port 
cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=201 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=38366 dst=172.16.133.132 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56255 proto=TCP requestClientApplication=Safari rt=1645934928000 spt=80 src=23.32.181.109 start=1645934928000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=HTTP bytesIn=1514 bytesOut=426 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.32.181.109 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934928000 externalId=36556 proto=6 reason=Intrusion Block request="http://pixel.mathtag.com/event/js?mt_id=171329&mt_adid=104239&v1=&v2=&v3=&s1=&s2=&s3=" requestClientApplication=Safari rt=1645934928000 spt=38366 src=172.16.133.132 start=1645934928000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=4503 bytesOut=992 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.32.181.109 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645932953000 externalId=34602 proto=6 reason=N/A 
request="http://pixel.mathtag.com/event/js?mt_id=171329&mt_adid=104239&v1=&v2=&v3=&s1=&s2=&s3=" requestClientApplication=Safari rt=1645932953000 spt=38366 src=172.16.133.132 start=1645932953000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.214.132.245 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934928000 externalId=37602 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934898000 spt=55532 src=10.1.46.43 start=1645934898000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.32.181.109 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36555 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934928000 spt=38366 src=172.16.133.132 start=1645934928000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.214.132.245 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934928000 externalId=36519 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934898000 spt=55527 src=10.1.46.43 start=1645934898000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=695 bytesOut=361 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.32.181.109 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934928000 externalId=34603 proto=6 reason=N/A request="http://pixel.mathtag.com/event/img?mt_id=131949&mt_adid=104239&v1=&v2=&v3=&s1=&s2=&s3=" requestClientApplication=Safari rt=1645932953000 spt=38367 src=172.16.133.132 start=1645932953000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=108.160.172.225 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934928000 externalId=36518 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934898000 spt=50394 src=10.1.234.149 start=1645934898000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:13719|SERVER-ORACLE database username buffer overflow|8|act=Blocked app=Unknown cat=A Suspicious String was Detected cn1Label=vlan cn2=4 
cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=13719 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.215.17.220 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56256 proto=TCP requestClientApplication=Unknown rt=1645934929000 spt=44343 src=10.1.3.249 start=1645934929000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:13719|SERVER-ORACLE database username buffer overflow|8|act=Blocked app=Unknown cat=A Suspicious String was Detected cn1Label=vlan cn2=4 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=13719 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.215.17.220 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122007 proto=TCP requestClientApplication=Unknown rt=1645934929000 spt=44352 src=10.1.3.249 start=1645934929000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.215.17.220 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36557 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934929000 spt=44343 src=10.1.3.249 
start=1645934929000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.215.17.220 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42313 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934929000 spt=44344 src=10.1.3.249 start=1645934929000 suser=No Authentication Required +<13>Mar 04 20:50:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=108.174.0.215 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934929000 externalId=36521 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934899000 spt=49424 src=172.17.1.129 start=1645934899000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=587 dst=108.174.0.215 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934929000 externalId=36523 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934899000 
spt=49716 src=172.17.1.129 start=1645934899000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=465 dst=108.174.0.215 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934929000 externalId=37605 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934899000 spt=49469 src=172.17.1.129 start=1645934899000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=587 dst=108.174.0.215 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934929000 externalId=37604 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934899000 spt=49329 src=172.17.1.129 start=1645934899000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=465 dst=108.174.0.215 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934929000 externalId=36525 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934899000 spt=49796 src=172.17.1.129 start=1645934899000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.215.17.220 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42314 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934929000 spt=44352 src=10.1.3.249 start=1645934929000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=74 bytesOut=140 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.215.17.220 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934929000 externalId=42314 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645934929000 spt=44352 src=10.1.3.249 start=1645934929000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=74 bytesOut=140 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.215.17.220 
dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934929000 externalId=36557 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645934929000 spt=44343 src=10.1.3.249 start=1645934929000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934930000 externalId=36526 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934900000 spt=49487 src=10.1.238.219 start=1645934900000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.23.134.18 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934931000 externalId=42286 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934901000 spt=60205 src=10.1.249.191 start=1645934901000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=270 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=198.60.22.240 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645933864000 externalId=35100 proto=17 reason=N/A requestClientApplication=NTP client rt=1645933733000 spt=123 src=10.180.10.102 start=1645933733000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645932680000 externalId=34112 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645932680000 spt=6881 src=190.225.3.218 start=1645932680000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36562 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934931000 spt=6881 src=190.225.3.218 start=1645934931000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=198.60.22.240 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36561 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934931000 spt=123 src=10.180.10.102 start=1645934931000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=132 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=208.47.254.89 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36552 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934920000 spt=60323 src=10.1.25.157 start=1645934920000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=6881 dst=190.225.3.218 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37632 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934931000 spt=59370 src=10.1.238.241 start=1645934931000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=139.162.151.220 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37634 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934932000 spt=49932 src=10.1.116.125 start=1645934932000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=4230 bytesOut=5701 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.96.155.131 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934933000 externalId=42249 proto=6 reason=N/A request="http://ih.adscale.de/adscale-ih/tpui?tpid=30&tpuid=2822748155775046382&nut&uu=412781458396957510" requestClientApplication=Chrome rt=1645934870000 spt=49597 src=10.1.154.139 start=1645934870000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=212.58.244.27 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934934000 externalId=42288 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934904000 spt=55663 src=10.1.117.207 start=1645934904000 suser=No Authentication Required +<13>Mar 04 20:50:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=212.58.244.27 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934934000 externalId=42289 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934904000 spt=55664 src=10.1.117.207 start=1645934904000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=64.233.166.95 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934935000 externalId=37609 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934905000 spt=49645 src=10.1.208.72 start=1645934905000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=80300 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=208.47.254.73 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934935000 externalId=42290 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934905000 spt=60331 src=10.1.52.176 start=1645934905000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=64.233.166.95 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934935000 externalId=36527 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934905000 spt=49646 src=10.1.208.72 start=1645934905000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37640 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934937000 spt=31637 src=37.204.76.61 start=1645934937000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645933899000 externalId=36282 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645933899000 spt=31637 src=37.204.76.61 start=1645933899000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=31637 dst=37.204.76.61 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42317 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934937000 spt=59370 src=10.1.43.248 start=1645934937000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=502 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.16.90.188 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934937000 externalId=37611 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934907000 spt=49452 src=192.168.1.95 start=1645934907000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.16.90.188 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934937000 externalId=42292 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934907000 spt=49453 src=192.168.1.95 start=1645934907000 suser=No Authentication 
Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.174.212.17 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36566 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934937000 spt=63156 src=10.1.165.79 start=1645934937000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=776 bytesOut=741 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.174.212.17 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934937000 externalId=36566 proto=6 reason=N/A request="http://r.nexac.com/e/getdata.xgi?dt=br&pkey=gpwn29rvapq62&ru=http://beacon.krxd.net/data.gif?_kuid%3DJ9PjqQfY%26_kdpid%3D2dd640a6-6ebd-4d4f-af30-af8baa441a0d%26dlxid%3D%3Cna_id%3E%26dlxdata%3D%3Cna_da%3E" requestClientApplication=Chrome rt=1645934937000 spt=63156 src=10.1.165.79 start=1645934937000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=64 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40027 dst=111.221.77.140 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36567 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934938000 spt=34862 src=10.1.252.91 start=1645934938000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=140 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36568 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934938000 spt=40027 src=111.221.77.140 start=1645934938000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.85.146.130 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934938000 externalId=36530 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934908000 spt=49475 src=172.16.3.122 start=1645934908000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1652 dst=84.236.37.127 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934940000 externalId=42298 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934910000 spt=49490 src=10.1.40.166 start=1645934910000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1652 dst=84.236.37.127 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934940000 externalId=42299 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934910000 spt=49492 src=10.1.40.166 start=1645934910000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=64.158.223.140 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934939000 externalId=42296 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934909000 spt=50645 src=10.1.222.146 start=1645934909000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=85 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37642 proto=17 reason=N/A requestClientApplication=DNS rt=1645934941000 spt=56735 src=172.16.133.18 start=1645934941000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-dgm bytesOut=467 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=138 dst=10.0.1.255 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934941000 externalId=36570 proto=17 reason=N/A requestClientApplication=NetBIOS-dgm rt=1645934941000 spt=138 src=10.1.202.11 start=1645934941000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=88 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36572 proto=17 reason=N/A requestClientApplication=DNS rt=1645934941000 spt=58983 src=172.16.133.18 start=1645934941000 suser=No Authentication Required +<13>Mar 04 20:50:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-ns bytesOut=330 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=137 dst=10.0.1.255 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934941000 externalId=42320 proto=17 reason=N/A requestClientApplication=NetBIOS-ns rt=1645934940000 spt=137 src=10.1.202.11 start=1645934940000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=19915 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=80.231.241.80 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934941000 externalId=36537 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934911000 spt=54329 src=10.1.100.12 start=1645934911000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-ns bytesOut=110 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=137 dst=10.0.1.255 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42320 proto=17 reason=N/A requestClientApplication=NetBIOS-ns rt=1645934940000 spt=137 src=10.1.202.11 start=1645934940000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-dgm bytesOut=243 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=138 dst=10.0.1.255 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36570 proto=17 reason=N/A requestClientApplication=NetBIOS-dgm rt=1645934941000 spt=138 src=10.1.202.11 start=1645934941000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=185.3.93.75 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42322 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934942000 spt=60613 src=10.1.241.96 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=185.3.93.75 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36574 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934942000 spt=60612 src=10.1.241.96 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=185.3.93.75 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934942000 externalId=36574 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934942000 spt=60612 src=10.1.241.96 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.85.226.123 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934942000 externalId=42301 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934912000 spt=49254 src=172.16.1.149 start=1645934912000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42328 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934943000 spt=40022 src=64.4.23.161 start=1645934943000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=185.3.93.75 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934942000 externalId=42322 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934942000 spt=60613 src=10.1.241.96 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.1.170 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36576 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934942000 spt=49246 src=10.1.5.32 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=80 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40022 dst=64.4.23.161 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42327 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934943000 spt=34862 src=10.1.111.220 start=1645934943000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=186 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934524000 externalId=41870 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934524000 spt=40022 src=64.4.23.161 start=1645934524000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37657 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934943000 spt=17409 src=109.206.43.143 start=1645934943000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=17409 dst=109.206.43.143 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37656 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934943000 spt=59370 src=10.1.68.212 start=1645934943000 suser=No 
Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36587 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934943000 spt=57886 src=10.1.109.249 start=1645934943000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37659 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934943000 spt=57895 src=10.1.109.249 start=1645934943000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36592 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57900 
src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=108 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42333 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57902 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42332 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934943000 spt=57893 src=10.1.109.249 start=1645934943000 suser=No Authentication Required +<13>Mar 04 20:50:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37662 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934944000 spt=57898 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42331 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934943000 spt=57892 src=10.1.109.249 start=1645934943000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=174 bytesOut=273 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934944000 externalId=36592 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934944000 spt=57900 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 
dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37661 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57897 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36594 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57907 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37663 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57901 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42330 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934943000 spt=57888 src=10.1.109.249 start=1645934943000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36588 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934943000 spt=57890 src=10.1.109.249 start=1645934943000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37660 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934943000 spt=57896 src=10.1.109.249 start=1645934943000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36593 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57903 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=174 bytesOut=219 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934944000 externalId=37663 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934944000 spt=57901 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37665 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57912 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42336 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57914 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.97 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37666 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=56534 src=172.16.133.121 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1367 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=50.16.196.229 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934944000 externalId=36539 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934914000 spt=50497 src=192.168.137.62 start=1645934914000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1067 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.97 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42334 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=56529 src=172.16.133.121 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.97 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42335 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=56532 src=172.16.133.121 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.97 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36598 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=56530 src=172.16.133.121 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.97 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36599 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=56533 src=172.16.133.121 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=50.16.196.229 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934944000 externalId=37614 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934914000 spt=50498 src=192.168.137.62 start=1645934914000 suser=No Authentication Required +<13>Mar 04 20:50:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.97 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37664 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=56531 src=172.16.133.121 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow 
app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42338 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57917 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42339 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57918 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37667 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57919 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42340 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57929 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36604 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57928 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36602 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57920 src=10.1.109.249 start=1645934944000 suser=No Authentication 
Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934944000 externalId=37665 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57912 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36603 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57924 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37669 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57923 src=10.1.109.249 
start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.97 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36601 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=56536 src=172.16.133.121 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37668 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57922 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42344 proto=6 reason=N/A requestClientApplication=Unknown 
rt=1645934945000 spt=57941 src=10.1.109.249 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42345 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934945000 spt=57943 src=10.1.109.249 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37672 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57939 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.204.255.156 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36605 proto=6 
reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57220 src=172.16.1.141 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=140 bytesOut=272 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.204.255.156 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934944000 externalId=36605 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57220 src=172.16.1.141 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42346 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934945000 spt=57944 src=10.1.109.249 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 
dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37673 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934945000 spt=57940 src=10.1.109.249 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=174 bytesOut=273 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934945000 externalId=37673 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934945000 spt=57940 src=10.1.109.249 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36606 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57938 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37674 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934945000 spt=57945 src=10.1.109.249 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.97 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934945000 externalId=37666 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=56534 src=172.16.133.121 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37676 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934945000 spt=57949 src=10.1.109.249 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42347 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934945000 spt=57950 src=10.1.109.249 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.195.155 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934945000 externalId=37616 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934915000 spt=50341 src=192.168.1.95 start=1645934915000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=87 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=daisy.ubuntu.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42348 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=43383 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=34.122.121.32 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934945000 externalId=37617 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934915000 spt=56484 src=10.180.10.102 start=1645934915000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=87 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=cityofconway.org deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36609 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=37589 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.195.155 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934945000 externalId=36545 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934915000 spt=50347 src=192.168.1.95 start=1645934915000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=94 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=maxcdn.bootstrapcdn.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37678 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=36796 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=87 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=daisy.ubuntu.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934945000 externalId=42348 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=43383 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=119 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=daisy.ubuntu.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=43383 dst=172.16.3.110 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42349 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934945000 spt=53 src=8.8.8.8 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown bytesOut=87 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=cityofconway.org deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934945000 externalId=36609 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=37589 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=103 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=cityofconway.org deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=37589 dst=172.16.3.110 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36610 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934945000 spt=53 src=8.8.8.8 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=95 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=detectportal.firefox.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42350 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=55916 src=172.16.3.110 
start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=94 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=netdna.bootstrapcdn.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37679 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=39941 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=91 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=translate.google.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36612 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=38905 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=95 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=detectportal.firefox.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 
end=1645934945000 externalId=42350 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=55916 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=95 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.google-analytics.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37682 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=56273 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=88 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=ocsp.comodoca.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36613 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=45675 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=87 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=api.snapcraft.io deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934945000 externalId=42352 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=54078 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=85 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.google.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37683 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=34409 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=89 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.googleapis.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36616 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=48517 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=151 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
destinationDnsDomain=api.snapcraft.io deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=54078 dst=172.16.3.110 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42353 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934945000 spt=53 src=8.8.8.8 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=82 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=twitter.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36617 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=43858 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.conwayparks.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37687 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=34557 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=clients1.google.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37686 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=51476 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=91 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=fonts.googleapis.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42356 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=55006 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=149 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=ntp.ubuntu.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=59340 dst=172.16.3.110 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42355 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934945000 spt=53 src=8.8.8.8 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=ajax.googleapis.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42357 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=41257 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=95 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.googletagmanager.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36611 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=38511 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=86 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.youtube.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36620 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=44923 src=172.16.3.110 start=1645934945000 suser=No 
Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=85 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=cse.google.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37680 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=48123 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=88 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=fonts.gstatic.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37681 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=57630 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=87 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=api.snapcraft.io deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42352 proto=17 reason=N/A 
requestClientApplication=DNS rt=1645934945000 spt=54078 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=253 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=detectportal.firefox.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=55916 dst=172.16.3.110 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42351 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934945000 spt=53 src=8.8.8.8 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=95 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=translate.googleapis.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36615 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=51558 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=84 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=ocsp.pki.goog deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36614 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=43083 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=94 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=stats.g.doubleclick.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37685 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=39627 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=86 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.gstatic.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37684 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=40205 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=98 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
destinationDnsDomain=www.conwayanimalwelfare.org deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42358 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=50100 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=85 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=ntp.ubuntu.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934945000 externalId=42354 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=59340 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=85 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=ntp.ubuntu.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42354 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=59340 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=107 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=data-conwayargis.opendata.arcgis.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36619 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=48884 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=92 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.conwaychamber.org deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42359 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=41781 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=87 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.facebook.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36618 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=35845 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=92 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=public.coderedweb.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37689 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=47303 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=88 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.conwayark.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37688 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=50464 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=104 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=content-signature.cdn.mozilla.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37694 proto=17 reason=N/A requestClientApplication=DNS 
rt=1645934945000 spt=53835 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=108 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=firefox.settings.services.mozilla.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42363 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=33814 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=91 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=gis.cityofconway.org deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37690 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=36964 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=93 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.downtownconway.org deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42360 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=58886 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=87 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.municode.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37691 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=36474 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=92 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.developconway.org deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42361 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=56656 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=95 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=mail.cityofconway-ar.gov deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37692 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=55015 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=87 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.smart911.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42362 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=55021 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=111 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=blocklists.settings.services.mozilla.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37693 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=42978 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=88 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=ocsp.digicert.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42364 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=35727 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=100 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=connectivity-check.ubuntu.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42365 proto=17 reason=N/A requestClientApplication=DNS rt=1645934945000 spt=59053 src=172.16.3.110 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37696 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=49930 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 
bytesOut=132 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37645 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934942000 spt=49492 src=10.1.238.219 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36624 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=51365 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1460 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=204.79.197.200 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934946000 externalId=42305 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934916000 spt=49273 src=10.1.97.62 start=1645934916000 suser=No Authentication Required +<13>Mar 04 20:50:29 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=217.114.59.3 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42366 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934946000 spt=123 src=10.180.10.102 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=132 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37648 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934942000 spt=51144 src=10.1.238.219 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36626 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53064 src=10.1.238.219 start=1645934946000 suser=No Authentication Required 
+<13>Mar 04 20:50:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934946000 externalId=36580 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934942000 spt=51996 src=10.1.238.219 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=217.114.59.3 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645933669000 externalId=40755 proto=17 reason=N/A requestClientApplication=NTP client rt=1645933669000 spt=123 src=10.180.10.102 start=1645933669000 suser=No Authentication Required +<13>Mar 04 20:50:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37701 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53098 
src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=132 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36580 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934942000 spt=51996 src=10.1.238.219 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42368 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53072 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42371 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934946000 spt=53609 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934946000 externalId=37648 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934942000 spt=51144 src=10.1.238.219 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36628 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53323 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production 
dvcpid=2 end=1645934946000 externalId=42368 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934946000 spt=53072 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=204.79.197.200 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934946000 externalId=36546 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934916000 spt=49274 src=10.1.97.62 start=1645934916000 suser=No Authentication Required +<13>Mar 04 20:50:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37697 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=51156 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 
dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934946000 externalId=37701 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934946000 spt=53098 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934946000 externalId=36626 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934946000 spt=53064 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=132 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37653 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934942000 spt=53303 src=10.1.238.219 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42372 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53610 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934946000 externalId=42371 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934946000 spt=53609 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934946000 externalId=42372 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934946000 spt=53610 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=10942 bytesOut=178 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.72.203.27 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37629 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934926000 spt=54136 src=10.1.141.84 start=1645934926000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934946000 externalId=36629 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934946000 spt=53454 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36629 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53454 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42373 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53611 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934946000 externalId=37703 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934946000 spt=53608 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36635 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=53939 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37703 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53608 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37706 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=53767 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934947000 externalId=37706 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934947000 spt=53767 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37707 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=53780 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37709 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=53965 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37708 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=53936 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=132 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37655 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934942000 spt=53307 src=10.1.238.219 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934946000 externalId=37655 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934942000 spt=53307 src=10.1.238.219 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42374 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53764 src=10.1.238.219 start=1645934946000 suser=No 
Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934947000 externalId=37709 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934947000 spt=53965 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42377 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=64799 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37710 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 
spt=52839 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42379 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=49182 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37711 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934947000 spt=11005 src=46.164.173.122 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36640 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934947000 spt=49572 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42381 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=49207 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36638 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=49216 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=951 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 
end=1645934947000 externalId=37711 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934947000 spt=11005 src=46.164.173.122 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42380 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=49200 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36641 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=50499 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36642 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=50502 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=11005 dst=46.164.173.122 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42382 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934947000 spt=59370 src=10.1.25.225 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42387 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=50546 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36643 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=50708 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37712 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=50500 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934947000 externalId=36643 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934947000 spt=50708 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=11005 dst=46.164.173.122 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934947000 externalId=42382 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934947000 spt=59370 src=10.1.25.225 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934947000 externalId=36645 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934947000 spt=50713 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36644 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=50709 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy 
cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42386 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=50514 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DHCP bytesOut=342 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=68 dst=172.16.103.77 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42388 proto=17 reason=N/A requestClientApplication=DHCP client rt=1645934947000 spt=67 src=172.16.103.254 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934947000 externalId=42387 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934947000 spt=50546 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36645 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=50713 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36646 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=50718 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934947000 externalId=36646 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934947000 spt=50718 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42390 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=50707 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DHCP bytesOut=342 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=68 dst=172.16.103.77 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934947000 externalId=42388 proto=17 reason=N/A requestClientApplication=DHCP client rt=1645934947000 spt=67 src=172.16.103.254 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=HTTPS bytesIn=66 bytesOut=568 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=199.59.150.43 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934948000 externalId=42392 proto=6 reason=Intrusion Block request=https://r.twimg.com requestClientApplication=SSL client rt=1645934948000 spt=60831 src=10.1.73.165 start=1645934948000 
suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=199.59.150.43 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42392 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934948000 spt=60831 src=10.1.73.165 start=1645934948000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=213.155.158.113 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934948000 externalId=36549 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934918000 spt=49397 src=10.1.150.179 start=1645934918000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=213.155.158.113 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934948000 externalId=37618 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934918000 spt=49389 
src=10.1.150.179 start=1645934918000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.232.70 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42394 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934948000 spt=50455 src=192.168.137.62 start=1645934948000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.232.70 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934949000 externalId=42394 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934948000 spt=50455 src=192.168.137.62 start=1645934948000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=71 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=cigital.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=129.21.13.178 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37714 proto=17 
reason=N/A requestClientApplication=DNS rt=1645934949000 spt=22852 src=10.1.66.132 start=1645934949000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=142 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=cigital.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=129.21.13.178 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934949000 externalId=37714 proto=17 reason=N/A requestClientApplication=DNS rt=1645934949000 spt=22852 src=10.1.66.132 start=1645934949000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=213.155.158.113 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934948000 externalId=42306 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934918000 spt=49399 src=10.1.150.179 start=1645934918000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=71 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=cigital.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
dpt=53 dst=129.21.13.178 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934949000 externalId=42396 proto=17 reason=N/A requestClientApplication=DNS rt=1645934949000 spt=60154 src=10.1.66.132 start=1645934949000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=71 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=cigital.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=129.21.13.178 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42395 proto=17 reason=N/A requestClientApplication=DNS rt=1645934949000 spt=60154 src=10.1.66.132 start=1645934949000 suser=No Authentication Required +<13>Mar 04 20:50:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=87 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=cigital.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=60154 dst=10.1.66.132 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42397 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934949000 spt=53 src=129.21.13.178 start=1645934949000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=71 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=cigital.com deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=22852 dst=10.1.66.132 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37715 proto=17 reason=N/A requestClientApplication=DNS client rt=1645934949000 spt=53 src=129.21.13.178 start=1645934949000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:37026|POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt|8|act=Blocked app=HTTPS cat=Misc Activity cn1Label=vlan cn2=4 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=37026 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=60831 dst=10.1.73.165 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122008 proto=TCP requestClientApplication=SSL client rt=1645934948000 spt=443 src=199.59.150.43 start=1645934948000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1=  P  P LQ-1+_~i(Y}RcIsIk  $  # 3t spdy/3spdy/2http/1.1 cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=122008 rt=1645934948000 start=1645934948000 +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=67.217.177.164 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37717 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934950000 
spt=62767 src=10.1.88.141 start=1645934950000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=1108 bytesOut=869 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=67.217.177.164 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934950000 externalId=37717 proto=6 reason=N/A request="http://ce.lijit.com/merge?pid=29&3pid=BE0MZmSmXqw1CjXFA1F-oer5LdpY" requestClientApplication=Chrome rt=1645934950000 spt=62767 src=10.1.88.141 start=1645934950000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=216.58.212.129 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42399 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934949000 spt=49347 src=10.1.128.217 start=1645934949000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 
dst=187.17.111.99 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42400 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934950000 spt=49185 src=10.1.136.75 start=1645934950000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=208.47.254.89 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934950000 externalId=36553 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934920000 spt=60499 src=10.1.25.157 start=1645934920000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=187.17.111.99 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37718 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934950000 spt=49181 src=10.1.136.75 start=1645934950000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=205.234.186.112 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36649 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934950000 spt=51629 src=10.1.83.103 start=1645934950000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=98.138.19.88 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934951000 externalId=37622 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934921000 spt=44300 src=172.16.133.132 start=1645934921000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37721 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934951000 spt=43496 src=91.209.54.40 start=1645934951000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=43496 dst=91.209.54.40 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37720 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934951000 spt=59370 src=10.1.33.21 start=1645934951000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=1281 bytesOut=896 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.246.112.35 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934952000 externalId=37722 proto=6 reason=N/A request="http://match.adsrvr.org/track/cmf/generic?ttd_pid=aoladtech_eu" requestClientApplication=Chrome rt=1645934952000 spt=49521 src=10.1.65.221 start=1645934952000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.246.112.35 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37722 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934952000 spt=49521 src=10.1.65.221 start=1645934952000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy 
cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=85.25.95.8 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42403 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934952000 spt=49176 src=192.168.137.83 start=1645934952000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=107.21.205.194 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934952000 externalId=37623 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934922000 spt=50190 src=172.16.133.40 start=1645934922000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-ns bytesOut=110 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=137 dst=10.11.11.255 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36653 proto=17 reason=N/A requestClientApplication=NetBIOS-ns rt=1645934952000 spt=137 src=10.1.251.89 start=1645934952000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=327 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645932644000 externalId=33539 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645932644000 spt=27884 src=118.175.28.27 start=1645932644000 suser=No Authentication Required +<13>Mar 04 20:50:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-ns bytesOut=1816 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=137 dst=10.11.11.255 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934952000 externalId=36653 proto=17 reason=N/A requestClientApplication=NetBIOS-ns rt=1645934952000 spt=137 src=10.1.251.89 start=1645934952000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=27884 dst=118.175.28.27 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42404 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934953000 spt=59370 src=10.1.234.135 start=1645934953000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=327 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36655 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934953000 spt=27884 src=118.175.28.27 start=1645934953000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=69.172.216.111 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934953000 externalId=37625 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934923000 spt=49353 src=172.16.104.115 start=1645934923000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=69.172.216.111 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934953000 externalId=42307 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934923000 spt=49352 src=172.16.104.115 start=1645934923000 suser=No Authentication Required 
+<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=172 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=195.128.140.98 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934953000 externalId=41534 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934351000 spt=49641 src=10.1.49.177 start=1645934351000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=184.31.84.43 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36660 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934954000 spt=49288 src=10.1.164.162 start=1645934954000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=184.31.84.43 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36659 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934953000 spt=49287 src=10.1.164.162 
start=1645934953000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=184.31.84.43 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36661 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934954000 spt=49445 src=10.1.164.162 start=1645934954000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=166 bytesOut=273 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=184.31.84.43 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934953000 externalId=42405 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934953000 spt=49285 src=10.1.164.162 start=1645934953000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=184.31.84.43 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36662 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934954000 spt=49486 src=10.1.164.162 start=1645934954000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=184.31.84.43 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42405 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934953000 spt=49285 src=10.1.164.162 start=1645934953000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=184.31.84.43 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42406 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934953000 spt=49286 src=10.1.164.162 start=1645934953000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=59999 dst=74.208.220.222 dvchost=CSTA-vFTD-Production 
dvcpid=3 externalId=37727 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934954000 spt=49180 src=172.16.1.204 start=1645934954000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=134 bytesOut=84 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=translate.googleapis.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=8.8.8.8 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931355000 externalId=32770 proto=17 reason=N/A requestClientApplication=DNS rt=1645931355000 spt=51766 src=172.16.1.126 start=1645931355000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.194.67 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931353000 externalId=32767 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931353000 spt=49483 src=10.1.104.153 start=1645931353000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1340 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.11.78 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934954000 externalId=37626 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934924000 spt=53591 src=10.1.69.234 start=1645934924000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=204.232.250.59 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934955000 externalId=37627 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934925000 spt=62734 src=10.1.95.74 start=1645934925000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.43.0 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934955000 externalId=42310 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934925000 spt=57542 src=10.1.217.208 start=1645934925000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.49.14.117 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36664 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934955000 spt=49377 src=10.1.2.7 start=1645934955000 suser=No Authentication Required +<13>Mar 04 20:50:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.49.14.117 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36663 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934955000 spt=49355 src=10.1.2.7 start=1645934955000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.210.86.90 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934956000 externalId=36667 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645934956000 spt=60899 src=10.1.255.38 start=1645934956000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.210.86.90 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934956000 externalId=42413 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645934956000 spt=60901 src=10.1.255.38 start=1645934956000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.210.86.90 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36667 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934956000 spt=60899 src=10.1.255.38 start=1645934956000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=120 bytesOut=228 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.210.86.90 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934956000 externalId=37731 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934956000 spt=60900 src=10.1.255.38 start=1645934956000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1367 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.28.9.93 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934957000 externalId=42312 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934927000 spt=49181 src=192.168.137.56 start=1645934927000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.210.86.90 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37731 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934956000 spt=60900 src=10.1.255.38 start=1645934956000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.210.86.90 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42413 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934956000 spt=60901 src=10.1.255.38 start=1645934956000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 
bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.192.2.237 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42411 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934956000 spt=56194 src=10.1.59.190 start=1645934956000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.192.2.237 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36668 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934957000 spt=56242 src=10.1.59.190 start=1645934957000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.192.2.237 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934957000 externalId=42411 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934956000 spt=56194 src=10.1.59.190 start=1645934956000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.28.9.93 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934957000 externalId=37630 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934927000 spt=49182 src=192.168.137.56 start=1645934927000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:29957|SERVER-OTHER Kolibri HTTP Server uri buffer overflow attempt|7|act=Blocked app=Unknown cat=Known client side exploit attempt cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=29957 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.210.86.90 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56257 proto=TCP requestClientApplication=Unknown rt=1645934956000 spt=60899 src=10.1.255.38 start=1645934956000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:29957|SERVER-OTHER Kolibri HTTP Server uri buffer overflow attempt|7|act=Blocked app=Unknown cat=Known client side exploit attempt cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=29957 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 
dst=54.210.86.90 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122009 proto=TCP requestClientApplication=Unknown rt=1645934956000 spt=60901 src=10.1.255.38 start=1645934956000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesOut=3456 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=157.56.134.97 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934958000 externalId=33272 proto=6 reason=N/A requestClientApplication=Web browser rt=1645932639000 spt=64452 src=172.16.133.54 start=1645932639000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesOut=394 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=157.56.134.97 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934958000 externalId=33271 proto=6 reason=N/A request=http://view.atdmt.com/MON/view/427992991/direct/01/ requestClientApplication=Firefox rt=1645932639000 spt=64451 src=172.16.133.54 start=1645932639000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:129:15|STREAM5_BAD_RST|4|act=Blocked app=Unknown cat=Attempted Denial of Service cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy 
cs5Label=ipsPolicy cs6=15 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=46.137.92.167 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56258 proto=TCP requestClientApplication=Unknown rt=1645934958000 spt=51443 src=10.1.108.133 start=1645934958000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1=P \| cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=56258 rt=1645934958000 start=1645934958000 +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=1320 bytesOut=116 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=46.137.92.167 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934958000 externalId=36674 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645934958000 spt=51443 src=10.1.108.133 start=1645934958000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934937000 externalId=37640 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934937000 spt=31637 src=37.204.76.61 start=1645934937000 suser=No 
Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37735 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934959000 spt=31637 src=37.204.76.61 start=1645934959000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=91.225.248.129 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37736 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934959000 spt=49285 src=10.1.191.88 start=1645934959000 suser=No Authentication Required +<13>Mar 04 20:50:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=46.137.92.167 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37733 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934958000 spt=51440 
src=10.1.108.133 start=1645934958000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=46.137.92.167 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36671 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934958000 spt=51435 src=10.1.108.133 start=1645934958000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=46.137.92.167 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36673 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934958000 spt=51437 src=10.1.108.133 start=1645934958000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=46.137.92.167 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36672 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934958000 spt=51436 src=10.1.108.133 start=1645934958000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1764 bytesOut=116 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=46.137.92.167 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36670 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934958000 spt=51430 src=10.1.108.133 start=1645934958000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:129:15|STREAM5_BAD_RST|4|act=Blocked app=Unknown cat=Attempted Denial of Service cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=15 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=107.14.166.10 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187712 proto=TCP requestClientApplication=Unknown rt=1645934959000 spt=49160 src=10.1.82.133 start=1645934959000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= PO)#tP 7 cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=187712 rt=1645934959000 start=1645934959000 +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule 
cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=107.14.166.10 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934959000 externalId=37737 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645934959000 spt=49160 src=10.1.82.133 start=1645934959000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=46.137.92.167 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934959000 externalId=36671 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934958000 spt=51435 src=10.1.108.133 start=1645934958000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=198.8.70.128 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37740 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934959000 spt=49418 src=10.1.86.57 start=1645934959000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.215.17.220 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934959000 externalId=42313 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934929000 spt=44344 src=10.1.3.249 start=1645934929000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=46.137.92.167 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934959000 externalId=36672 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934958000 spt=51436 src=10.1.108.133 start=1645934958000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2732 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=107.14.166.10 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934959000 externalId=37738 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934959000 spt=49161 src=10.1.82.133 start=1645934959000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.200.60.83 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42420 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934960000 spt=61609 src=10.1.202.246 start=1645934960000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=120 bytesOut=174 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.200.60.83 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934960000 externalId=42420 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934960000 spt=61609 src=10.1.202.246 start=1645934960000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.65.180.72 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37746 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934962000 spt=49183 src=172.16.5.203 start=1645934962000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=13570 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=172.217.4.163 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934961000 externalId=41538 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934359000 spt=49215 src=10.1.190.88 start=1645934359000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=208.80.154.224 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934961000 externalId=37633 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934931000 spt=57204 src=10.180.10.102 start=1645934931000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=18930 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=172.217.4.163 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934961000 externalId=41539 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934359000 spt=49216 src=10.1.190.88 start=1645934359000 suser=No 
Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=139.162.151.220 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934962000 externalId=36563 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934932000 spt=49939 src=10.1.116.125 start=1645934932000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.63.82.10 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42422 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934962000 spt=49194 src=10.1.76.243 start=1645934962000 suser=No Authentication Required +<13>Mar 04 20:50:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.239.201.14 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934963000 externalId=37635 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934933000 spt=49442 src=192.168.1.96 
start=1645934933000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=65.54.225.167 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934964000 externalId=41540 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934362000 spt=49273 src=10.1.92.131 start=1645934362000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=65.54.225.167 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934964000 externalId=35795 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934362000 spt=49256 src=10.1.92.131 start=1645934362000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=31 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=23.239.201.14 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934963000 externalId=37636 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934933000 spt=49567 src=192.168.1.96 start=1645934933000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=91.190.219.143 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934965000 externalId=36564 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934935000 spt=49202 src=10.1.250.154 start=1645934935000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=7029 dst=1.2.3.4 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934966000 externalId=42316 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934936000 spt=51303 src=10.2.4.20 start=1645934936000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=10.1.64.70 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934967000 externalId=36565 
proto=6 reason=N/A requestClientApplication=Unknown rt=1645934937000 spt=51865 src=107.191.46.222 start=1645934937000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=107.191.46.222 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934967000 externalId=37639 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934936000 spt=61561 src=10.1.64.70 start=1645934936000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=194.206.163.58 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934968000 externalId=42318 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934937000 spt=52517 src=10.1.185.60 start=1645934937000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=174.129.208.196 dvchost=CSTA-vFTD-Production dvcpid=3 
end=1645934969000 externalId=37641 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934938000 spt=49207 src=10.1.153.167 start=1645934938000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.235.40.193 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934970000 externalId=42319 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934940000 spt=49515 src=10.1.24.172 start=1645934940000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1369 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.235.40.193 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934970000 externalId=36569 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934940000 spt=49516 src=10.1.24.172 start=1645934940000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=6881 dst=121.44.39.20 
dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934970000 externalId=41545 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934368000 spt=49909 src=10.1.85.163 start=1645934368000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1042 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.1.170 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934972000 externalId=37643 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934942000 spt=49231 src=10.1.5.32 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934972000 externalId=37644 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934942000 spt=49490 src=10.1.238.219 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934972000 externalId=42367 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=51191 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934972000 externalId=36621 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=49569 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934972000 externalId=37695 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=49659 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934972000 externalId=37645 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934942000 spt=49492 src=10.1.238.219 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934972000 externalId=36623 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=51151 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934972000 externalId=37696 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=49930 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934972000 externalId=36573 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934942000 spt=49487 src=10.1.238.219 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934972000 externalId=36622 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=51150 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934972000 externalId=37697 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=51156 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone 
cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934972000 externalId=42369 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53305 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934972000 externalId=36624 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=51365 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934972000 externalId=37652 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934942000 spt=53157 src=10.1.238.219 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule 
cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934972000 externalId=36625 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53063 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934972000 externalId=37702 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53306 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934972000 externalId=36627 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53069 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy 
cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934972000 externalId=36628 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53323 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934972000 externalId=37700 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53079 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934972000 externalId=42370 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53371 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934972000 externalId=36584 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934942000 spt=53304 src=10.1.238.219 start=1645934942000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934974000 externalId=37661 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57897 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934973000 externalId=42332 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934943000 spt=57893 src=10.1.109.249 start=1645934943000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.51.123.27 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934974000 externalId=36590 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934943000 spt=49174 src=10.1.60.192 start=1645934943000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.51.123.27 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934974000 externalId=36591 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934943000 spt=49175 src=10.1.60.192 start=1645934943000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934974000 externalId=36596 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57909 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.97 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934974000 externalId=42335 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=56532 src=172.16.133.121 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934974000 externalId=37669 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57923 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934974000 externalId=36600 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57913 src=10.1.109.249 start=1645934944000 suser=No Authentication Required 
+<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934975000 externalId=42343 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57930 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=212.149.50.54 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934974000 externalId=36603 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934944000 spt=57924 src=10.1.109.249 start=1645934944000 suser=No Authentication Required +<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.235.43.249 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37750 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934975000 spt=49634 src=10.1.130.83 start=1645934975000 
suser=No Authentication Required +<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8082 dst=200.29.24.36 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934975000 externalId=37677 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934945000 spt=62339 src=10.1.135.152 start=1645934945000 suser=No Authentication Required +<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934976000 externalId=36630 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53636 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.244.43.12 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934976000 externalId=37699 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 
spt=51139 src=10.1.4.115 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934977000 externalId=42375 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=53795 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934977000 externalId=36632 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=53766 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934977000 externalId=37705 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934946000 spt=53728 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934976000 externalId=42373 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53611 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934977000 externalId=42378 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=52811 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934977000 
externalId=36631 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53765 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934976000 externalId=37704 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934946000 spt=53618 src=10.1.238.219 start=1645934946000 suser=No Authentication Required +<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934977000 externalId=37707 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=53780 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 
dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934977000 externalId=42376 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=53947 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934977000 externalId=36635 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=53939 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934977000 externalId=37708 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=53936 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934977000 externalId=36633 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=53873 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934977000 externalId=36637 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=54054 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934977000 externalId=36639 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=49318 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934977000 externalId=36634 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=53937 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934977000 externalId=36636 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=53940 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934977000 externalId=37712 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=50500 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934977000 externalId=42384 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=50501 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934977000 externalId=42385 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=50507 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934977000 externalId=36641 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=50499 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone 
cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934977000 externalId=36642 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=50502 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934977000 externalId=42386 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=50514 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=14978 dst=124.195.167.175 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36688 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934977000 spt=59370 src=10.1.113.116 start=1645934977000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934977000 externalId=42391 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=50731 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=20177 dst=95.19.65.246 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931380000 externalId=31660 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931380000 spt=59370 src=10.1.16.56 start=1645931380000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934977000 externalId=42390 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934947000 spt=50707 src=10.1.238.219 start=1645934947000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.125.232.70 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934978000 externalId=36647 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934948000 spt=50446 src=192.168.137.62 start=1645934948000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.125.232.70 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934978000 externalId=42393 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934948000 spt=50445 src=192.168.137.62 start=1645934948000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36689 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934977000 spt=14978 src=124.195.167.175 start=1645934977000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.222.200 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934979000 externalId=36928 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934376000 spt=63406 src=10.1.38.128 start=1645934376000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=157.56.114.104 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934979000 externalId=42398 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934949000 spt=49221 src=10.1.146.56 start=1645934949000 suser=No Authentication Required +<13>Mar 04 20:50:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=157.56.114.104 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934979000 externalId=36648 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934949000 spt=49271 src=10.1.146.56 start=1645934949000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=216.58.212.129 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934979000 externalId=37716 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934949000 spt=49346 src=10.1.128.217 start=1645934949000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=489 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37757 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934979000 spt=40026 src=157.56.52.20 start=1645934979000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=79 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40026 dst=157.56.52.20 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42430 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934979000 spt=34862 src=10.1.132.190 start=1645934979000 suser=No Authentication Required +<13>Mar 04 
20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=187.17.111.99 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934980000 externalId=36650 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934950000 spt=49182 src=10.1.136.75 start=1645934950000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=187.17.111.99 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934980000 externalId=42400 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934950000 spt=49185 src=10.1.136.75 start=1645934950000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=66.151.158.187 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42433 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934980000 spt=63415 src=172.16.133.103 start=1645934980000 suser=No 
Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=180.211.86.138 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934981000 externalId=36652 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934951000 spt=49283 src=192.168.22.94 start=1645934951000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=187.17.111.99 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934980000 externalId=37719 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934950000 spt=49187 src=10.1.136.75 start=1645934950000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=187.17.111.99 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934980000 externalId=42401 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934950000 spt=49188 src=10.1.136.75 
start=1645934950000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=187.17.111.99 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934980000 externalId=36651 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934950000 spt=49186 src=10.1.136.75 start=1645934950000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=138.108.7.20 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934981000 externalId=42402 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934951000 spt=57260 src=172.16.133.95 start=1645934951000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=28407 dst=178.36.141.250 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37759 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934983000 
spt=59370 src=10.1.113.35 start=1645934983000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36691 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934983000 spt=28407 src=178.36.141.250 start=1645934983000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=23.95.169.235 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931387000 externalId=31670 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931387000 spt=123 src=10.180.10.102 start=1645931387000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=66 bytesOut=682 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=191.234.5.80 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931382000 externalId=31668 proto=6 
reason=N/A request="http://api.bing.com/qsml.aspx?query=goog&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IESS02&market=en-US" requestClientApplication=Internet Explorer rt=1645931382000 spt=49161 src=192.168.137.239 start=1645931382000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=191.234.5.80 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931382000 externalId=32782 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931382000 spt=49166 src=192.168.137.239 start=1645931382000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=877 bytesOut=686 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=191.234.5.80 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931382000 externalId=32781 proto=6 reason=N/A request="http://api.bing.com/qsml.aspx?query=google.c&maxwidth=32765&rowheight=20§ionHeight=160&FORM=IESS02&market=en-US" requestClientApplication=Internet Explorer rt=1645931382000 spt=49165 src=192.168.137.239 start=1645931382000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:129:15|STREAM5_BAD_RST|5|act=Blocked app=Unknown cat=Attempted Denial of Service cn1Label=vlan cn2=4 cn2Label=impact 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=15 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.208.240.54 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56259 proto=TCP requestClientApplication=Unknown rt=1645934984000 spt=49306 src=10.1.169.201 start=1645934984000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1=LZbP 04 cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=56259 rt=1645934984000 start=1645934984000 +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=2086 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.208.240.54 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934984000 externalId=36692 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645934984000 spt=49306 src=10.1.169.201 start=1645934984000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.208.240.54 dvchost=CSTA-vFTD-Production 
dvcpid=3 externalId=37761 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934984000 spt=49166 src=10.1.169.201 start=1645934984000 suser=No Authentication Required +<13>Mar 04 20:50:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=172.217.9.131 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934983000 externalId=37723 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934953000 spt=50183 src=10.1.114.225 start=1645934953000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=172.217.9.131 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934983000 externalId=36656 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934953000 spt=50182 src=10.1.114.225 start=1645934953000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=184.31.84.43 
dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934983000 externalId=36658 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934953000 spt=49231 src=10.1.164.162 start=1645934953000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=95.100.140.168 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934984000 externalId=42407 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934954000 spt=49438 src=10.1.238.134 start=1645934954000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=172.217.9.131 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934983000 externalId=36657 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934953000 spt=50184 src=10.1.114.225 start=1645934953000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
dpt=80 dst=54.144.89.106 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934984000 externalId=37724 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934954000 spt=51946 src=10.1.14.98 start=1645934954000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.144.89.106 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934984000 externalId=37725 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934954000 spt=52008 src=10.1.14.98 start=1645934954000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.144.89.106 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934984000 externalId=37726 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934954000 spt=52009 src=10.1.14.98 start=1645934954000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.0.49.244 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37762 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934985000 spt=59502 src=172.16.133.78 start=1645934985000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.0.49.244 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37764 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934985000 spt=59506 src=172.16.133.78 start=1645934985000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.0.49.244 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37765 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934985000 spt=59507 src=172.16.133.78 start=1645934985000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.144.89.106 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934984000 externalId=42408 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934954000 spt=51947 src=10.1.14.98 start=1645934954000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.144.89.106 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934984000 externalId=42409 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934954000 spt=51948 src=10.1.14.98 start=1645934954000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.144.89.106 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934984000 externalId=42410 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934954000 spt=51949 src=10.1.14.98 start=1645934954000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=142 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory destinationDnsDomain=loghost deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=192.58.128.30 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931385000 externalId=37587 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931385000 spt=32789 src=192.168.100.28 start=1645931385000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=74 bytesOut=536 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=172.217.0.110 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931384000 externalId=37586 proto=6 reason=N/A request="http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit" requestClientApplication=Firefox rt=1645931383000 spt=47626 src=10.1.135.91 start=1645931383000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.0.49.244 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42435 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934985000 spt=59503 src=172.16.133.78 start=1645934985000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.0.49.244 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934986000 externalId=37765 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934985000 spt=59507 src=172.16.133.78 start=1645934985000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.66.155 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934986000 externalId=36665 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934956000 spt=61289 src=10.1.224.210 start=1645934956000 suser=No Authentication Required +<13>Mar 04 20:50:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.0.49.244 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934986000 externalId=37764 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934985000 spt=59506 src=172.16.133.78 start=1645934985000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.66.155 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934986000 externalId=37729 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934956000 spt=61288 src=10.1.224.210 start=1645934956000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.49.14.117 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934985000 externalId=37728 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934955000 spt=49376 src=10.1.2.7 start=1645934955000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.0.49.244 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934986000 externalId=37762 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934985000 spt=59502 src=172.16.133.78 start=1645934985000 suser=No Authentication Required +<13>Mar 04 
20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=21934 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.192.2.237 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934986000 externalId=37730 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934956000 spt=56168 src=10.1.59.190 start=1645934956000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=154 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.192.2.237 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934987000 externalId=37732 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934957000 spt=56241 src=10.1.59.190 start=1645934957000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=34589 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.192.2.237 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934986000 externalId=36666 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934956000 spt=56162 src=10.1.59.190 
start=1645934956000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=21780 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.192.2.237 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934986000 externalId=42412 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934956000 spt=56240 src=10.1.59.190 start=1645934956000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5938 dst=184.172.60.198 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934987000 externalId=42414 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934957000 spt=49168 src=10.1.248.110 start=1645934957000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.192.2.237 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934987000 externalId=36668 proto=6 reason=N/A requestClientApplication=Unknown 
rt=1645934957000 spt=56242 src=10.1.59.190 start=1645934957000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=620 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=46.137.92.167 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934988000 externalId=42415 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934958000 spt=51434 src=10.1.108.133 start=1645934958000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=108.61.73.244 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42437 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934987000 spt=123 src=10.180.10.102 start=1645934987000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=56149 dst=86.52.191.166 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934988000 externalId=36669 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934958000 spt=51888 src=10.1.198.32 start=1645934958000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=162.159.200.123 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934530000 externalId=41874 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934530000 spt=123 src=10.180.10.102 start=1645934530000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=162.159.200.123 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42441 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934989000 spt=123 src=10.180.10.102 start=1645934989000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=2.21.242.10 dvchost=CSTA-vFTD-Production dvcpid=2 
externalId=42440 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934989000 spt=54140 src=10.0.2.15 start=1645934989000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=2880 bytesOut=372 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=31.13.79.220 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931387000 externalId=32786 proto=6 reason=N/A request=https://www.facebook.com requestClientApplication=SSL client rt=1645931387000 spt=36654 src=172.16.181.133 start=1645931387000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=107.14.166.10 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934989000 externalId=37739 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934959000 spt=49166 src=10.1.82.133 start=1645934959000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
dpt=80 dst=107.14.166.10 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934989000 externalId=42416 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934959000 spt=49162 src=10.1.82.133 start=1645934959000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=107.14.166.10 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934989000 externalId=42417 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934959000 spt=49164 src=10.1.82.133 start=1645934959000 suser=No Authentication Required +<13>Mar 04 20:50:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.34 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931388000 externalId=32787 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931388000 spt=63371 src=10.1.95.251 start=1645931388000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.200.60.83 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934990000 externalId=37741 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934960000 spt=61610 src=10.1.202.246 start=1645934960000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=107.14.166.10 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934989000 externalId=36676 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934959000 spt=49163 src=10.1.82.133 start=1645934959000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=1981 bytesOut=763 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=31.13.79.220 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931387000 externalId=32785 proto=6 reason=N/A request=https://www.facebook.com requestClientApplication=SSL client rt=1645931387000 spt=36651 src=172.16.181.133 start=1645931387000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=198.8.70.128 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934990000 externalId=42419 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934959000 spt=49419 src=10.1.86.57 start=1645934959000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=64 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=58836 dst=89.103.133.9 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934990000 externalId=36698 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934990000 spt=34862 src=10.1.211.126 start=1645934990000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=44578 dst=109.191.143.169 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931389000 externalId=32788 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931389000 spt=59370 src=10.1.69.171 start=1645931389000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=64 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=58836 dst=89.103.133.9 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36698 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934990000 spt=34862 src=10.1.211.126 start=1645934990000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=107.14.166.10 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934989000 externalId=42418 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934959000 spt=49165 src=10.1.82.133 start=1645934959000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=64 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.1.211.126 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36699 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934990000 spt=58836 src=89.103.133.9 start=1645934990000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=202.173.25.200 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931390000 externalId=37593 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931390000 spt=61020 src=10.1.180.54 start=1645931390000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=202.173.25.200 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931390000 externalId=31674 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931390000 spt=61014 src=10.1.180.54 start=1645931390000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=72.21.211.12 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934991000 externalId=37744 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934961000 spt=65298 src=10.1.69.57 start=1645934961000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow 
app=BitTorrent bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=61.245.142.233 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931391000 externalId=31675 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931391000 spt=63448 src=10.1.244.3 start=1645931391000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=204.79.197.200 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934990000 externalId=37743 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934960000 spt=49159 src=10.1.100.239 start=1645934960000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=204.79.197.200 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934990000 externalId=37742 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934960000 spt=49160 src=10.1.100.239 start=1645934960000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=91.189.89.198 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934398000 externalId=36956 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934398000 spt=123 src=10.180.10.102 start=1645934398000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=91.189.89.198 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37776 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934991000 spt=123 src=10.180.10.102 start=1645934991000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=283 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=dns1.giga.net.tw deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=203.73.24.8 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931392000 externalId=32797 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931392000 spt=32789 src=10.1.101.102 
start=1645931392000 suser=No Authentication Required +<13>Mar 04 20:50:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=10.1.53.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934991000 externalId=37745 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934961000 spt=51865 src=107.191.46.222 start=1645934961000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.125.170.112 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934992000 externalId=36946 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934389000 spt=60676 src=172.16.133.73 start=1645934389000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=107.191.46.222 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934991000 externalId=42421 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934961000 
spt=61561 src=10.1.53.1 start=1645934961000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=194.58.207.148 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931481000 externalId=37603 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931481000 spt=123 src=10.180.10.102 start=1645931481000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=50.16.196.229 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934993000 externalId=37747 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934963000 spt=50498 src=192.168.137.62 start=1645934963000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=50.16.196.229 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934993000 externalId=36677 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934963000 spt=50497 src=192.168.137.62 start=1645934963000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1460 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=157.56.241.118 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934992000 externalId=42423 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934962000 spt=57554 src=172.16.133.71 start=1645934962000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=173.249.33.207 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931507000 externalId=37607 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931507000 spt=123 src=10.180.10.102 start=1645931507000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=64.113.44.55 dvchost=CSTA-vFTD-Production 
dvcpid=3 end=1645931417000 externalId=32807 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931417000 spt=123 src=10.180.10.102 start=1645931417000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=95.101.1.224 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36704 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934994000 spt=52077 src=10.1.164.241 start=1645934994000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=82.64.50.120 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931517000 externalId=32818 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931517000 spt=63448 src=10.1.244.243 start=1645931517000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=31.13.73.26 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37781 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934995000 spt=59377 src=172.16.133.16 start=1645934995000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=31.13.73.26 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37783 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934995000 spt=59380 src=172.16.133.16 start=1645934995000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=31.13.73.26 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42448 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934995000 spt=59378 src=172.16.133.16 start=1645934995000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=308 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37784 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934996000 spt=43493 src=183.188.48.187 start=1645934996000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=43493 dst=183.188.48.187 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42450 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934996000 spt=59370 src=10.1.33.7 start=1645934996000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=58 bytesOut=3148 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.173.190.13 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931397000 externalId=31687 proto=6 reason=N/A requestClientApplication=Web browser rt=1645931397000 spt=60506 src=10.1.245.218 start=1645931397000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.6.143.25 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934997000 externalId=42424 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934967000 spt=39586 src=10.180.10.102 start=1645934967000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=130 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40013 dst=64.4.23.168 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42451 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934998000 spt=34862 src=10.1.78.62 start=1645934998000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37785 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934998000 spt=40013 src=64.4.23.168 start=1645934998000 suser=No Authentication Required +<13>Mar 04 20:50:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone 
cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36706 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934998000 spt=40029 src=64.4.23.168 start=1645934998000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=133 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40002 dst=64.4.23.168 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42452 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934998000 spt=34862 src=10.1.78.62 start=1645934998000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=72 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40012 dst=64.4.23.168 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36707 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934998000 spt=34862 src=10.1.78.62 start=1645934998000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934998000 externalId=37786 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934998000 spt=40002 src=64.4.23.168 start=1645934998000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40029 dst=64.4.23.168 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37788 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934998000 spt=34862 src=10.1.78.62 start=1645934998000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42454 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934998000 spt=40012 src=64.4.23.168 start=1645934998000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37786 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934998000 spt=40002 src=64.4.23.168 start=1645934998000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37789 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934998000 spt=40011 src=64.4.23.168 start=1645934998000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=71 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40011 dst=64.4.23.168 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42453 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934998000 spt=34862 src=10.1.78.62 start=1645934998000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy 
cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934998000 externalId=36706 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934998000 spt=40029 src=64.4.23.168 start=1645934998000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40029 dst=64.4.23.168 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934998000 externalId=37788 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934998000 spt=34862 src=10.1.78.62 start=1645934998000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=216.58.209.208 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42455 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934999000 spt=49977 src=10.1.215.174 start=1645934999000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=856 
bytesOut=860 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=216.58.209.208 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934999000 externalId=42455 proto=6 reason=N/A request=http://storage.googleapis.com/update-delta/hnimpnehoodheedghdeeijklkeaacbdc/0.46.0.4/0.44.33.1242/e8ccdb545feef8def653c78bf81e5d95415e943d993bd233d7f878acce9d637a.crxd requestClientApplication=Chrome rt=1645934999000 spt=49977 src=10.1.215.174 start=1645934999000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.36.113.23 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42457 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935000000 spt=49594 src=192.168.1.95 start=1645935000000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:29456|PROTOCOL-ICMP Unusual PING detected|4|act=Blocked app=ICMP cat=Known malicious file or file based exploit cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=29456 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
dst=10.1.52.126 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56260 proto=ICMP requestClientApplication=ICMP client rt=1645935001000 spt=8 src=172.16.133.233 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:29456|PROTOCOL-ICMP Unusual PING detected|6|act=Blocked app=ICMP cat=Known malicious file or file based exploit cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=29456 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56262 proto=ICMP requestClientApplication=ICMP client rt=1645935001000 spt=8 src=172.16.125.220 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:31767|SERVER-OTHER MRLG fastping echo reply memory corruption attempt|6|act=Blocked app=ICMP cat=An Attempted Login Using a Suspicious Username was Detected cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=31767 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56261 proto=ICMP requestClientApplication=ICMP client rt=1645935001000 src=172.16.125.220 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:31767|SERVER-OTHER MRLG fastping echo reply memory corruption attempt|4|act=Blocked app=ICMP cat=An 
Attempted Login Using a Suspicious Username was Detected cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=31767 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dst=10.1.52.126 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56263 proto=ICMP requestClientApplication=ICMP client rt=1645935001000 src=172.16.133.233 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= \\L q  t cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=56260 rt=1645935001000 start=1645935001000 +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= d  HO cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=56262 rt=1645935001000 start=1645935001000 +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= d n   cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=56261 rt=1645935001000 start=1645935001000 +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= d  HO cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=56263 rt=1645935001000 start=1645935001000 +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:29456|PROTOCOL-ICMP Unusual PING detected|4|act=Blocked app=ICMP cat=Known malicious file or file based exploit cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=29456 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dst=10.1.52.126 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122010 proto=ICMP requestClientApplication=ICMP client rt=1645935001000 spt=8 src=172.16.133.233 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:31767|SERVER-OTHER MRLG fastping echo reply memory corruption attempt|6|act=Blocked app=ICMP cat=An Attempted Login Using a Suspicious Username was Detected cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=31767 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122011 proto=ICMP requestClientApplication=ICMP client rt=1645935001000 src=172.16.125.220 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:31767|SERVER-OTHER MRLG fastping echo reply memory corruption attempt|6|act=Blocked app=ICMP cat=An Attempted Login Using a Suspicious Username was Detected cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=31767 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187714 proto=ICMP requestClientApplication=ICMP client rt=1645935001000 src=172.16.125.220 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet 
Data|7|cs1= \\ l  cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=122010 rt=1645935001000 start=1645935001000 +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= d l  cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=122011 rt=1645935001000 start=1645935001000 +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:29456|PROTOCOL-ICMP Unusual PING detected|4|act=Blocked app=ICMP cat=Known malicious file or file based exploit cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=29456 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dst=10.1.52.126 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187713 proto=ICMP requestClientApplication=ICMP client rt=1645935001000 spt=8 src=172.16.133.233 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= \\ n   cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=187713 rt=1645935001000 start=1645935001000 +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= d m   cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=187714 rt=1645935001000 start=1645935001000 +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=ICMP bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
dst=10.1.52.126 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935001000 externalId=42458 proto=1 reason=Intrusion Block requestClientApplication=ICMP client rt=1645935001000 spt=8 src=172.16.133.233 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=ICMP bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935001000 externalId=37792 proto=1 reason=Intrusion Block requestClientApplication=ICMP client rt=1645935001000 src=172.16.125.220 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=ICMP bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dst=10.1.52.126 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935001000 externalId=36715 proto=1 reason=Intrusion Block requestClientApplication=ICMP client rt=1645935001000 src=172.16.133.233 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=ICMP bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935001000 externalId=36714 proto=1 reason=Intrusion Block requestClientApplication=ICMP client rt=1645935001000 spt=8 src=172.16.125.220 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=ICMP bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dst=10.1.52.126 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37791 proto=1 reason=N/A requestClientApplication=ICMP client rt=1645935001000 spt=8 src=172.16.133.233 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=ICMP bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42461 proto=1 reason=N/A requestClientApplication=ICMP client rt=1645935001000 src=172.16.125.220 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=214 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=17000 dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42470 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=61345 src=172.16.125.220 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=61345 dst=10.1.52.126 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42467 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=1967 src=172.16.133.233 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=58 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=7 dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42468 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=61932 src=172.16.125.220 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=94 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1967 dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42466 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=61345 src=172.16.125.220 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.210.131 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935001000 externalId=35838 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934399000 spt=49921 src=10.1.45.223 start=1645934399000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=428 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=17000 dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935001000 externalId=42470 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=61345 src=172.16.125.220 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=57034 dst=10.1.52.126 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37798 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=1967 src=172.16.133.233 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=142 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63727 dst=10.1.52.126 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37799 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=17000 src=172.16.133.233 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=142 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63727 dst=10.1.52.126 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935001000 externalId=37799 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=17000 src=172.16.133.233 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule 
cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=58791 dst=10.1.52.126 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36719 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=1967 src=172.16.133.233 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=ICMP bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dst=10.1.52.126 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36715 proto=1 reason=N/A requestClientApplication=ICMP client rt=1645935001000 src=172.16.133.233 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=214 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=61345 dst=10.1.52.126 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36723 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=17000 src=172.16.133.233 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=94 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule 
cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1967 dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36716 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=57034 src=172.16.125.220 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=ICMP bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36714 proto=1 reason=N/A requestClientApplication=ICMP client rt=1645935001000 spt=8 src=172.16.125.220 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63727 dst=10.1.52.126 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36720 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=1967 src=172.16.133.233 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=94 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1967 dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36718 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=63727 src=172.16.125.220 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=284 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=17000 dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935001000 externalId=36722 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=63727 src=172.16.125.220 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=142 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=17000 dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36722 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=63727 src=172.16.125.220 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=94 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1967 dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36717 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=58791 src=172.16.125.220 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=856 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=61345 dst=10.1.52.126 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935001000 externalId=36723 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=17000 src=172.16.133.233 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=58 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=61932 dst=10.1.52.126 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36721 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=7 src=172.16.133.233 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.6.143.26 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935002000 externalId=37749 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934972000 spt=57482 src=10.180.10.102 start=1645934972000 suser=No Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=308 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36727 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935003000 spt=7121 src=182.235.141.206 start=1645935003000 suser=No Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=7121 dst=182.235.141.206 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37801 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935003000 spt=59370 src=10.1.124.132 start=1645935003000 suser=No Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.219.120.244 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42472 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935004000 spt=64764 src=10.1.51.192 start=1645935004000 suser=No Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.219.120.244 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36729 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935004000 spt=64787 src=10.1.51.192 start=1645935004000 suser=No Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1420 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.235.43.249 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935005000 externalId=37751 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934975000 spt=49840 src=10.1.130.83 start=1645934975000 suser=No 
Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42474 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935006000 spt=18028 src=123.243.63.65 start=1645935006000 suser=No Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=18028 dst=123.243.63.65 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42473 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935006000 spt=59370 src=10.1.243.42 start=1645935006000 suser=No Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.60 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935007000 externalId=42429 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934976000 spt=64381 src=10.1.105.184 
start=1645934976000 suser=No Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.6.231.20 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935007000 externalId=36687 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934977000 spt=60560 src=10.180.10.102 start=1645934977000 suser=No Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=269 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=adsl-34-7-154.mia.bellsouth.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=205.152.0.20 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42477 proto=17 reason=N/A requestClientApplication=DNS client rt=1645935008000 spt=32789 src=10.1.88.232 start=1645935008000 suser=No Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=634 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935009000 externalId=42478 proto=17 
reason=N/A requestClientApplication=BitTorrent rt=1645935009000 spt=18957 src=83.41.191.124 start=1645935009000 suser=No Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42478 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935009000 spt=18957 src=83.41.191.124 start=1645935009000 suser=No Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=429 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=18957 dst=83.41.191.124 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935009000 externalId=36733 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935009000 spt=59370 src=10.1.26.28 start=1645935009000 suser=No Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=18957 dst=83.41.191.124 
dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36733 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935009000 spt=59370 src=10.1.26.28 start=1645935009000 suser=No Authentication Required +<13>Mar 04 20:50:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=50101 dst=87.92.98.148 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935010000 externalId=35857 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934408000 spt=49911 src=10.1.163.164 start=1645934408000 suser=No Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=66.151.158.187 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935011000 externalId=42432 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934980000 spt=63411 src=172.16.133.103 start=1645934980000 suser=No Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
dpt=123 dst=209.126.83.42 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42480 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935011000 spt=123 src=10.180.10.102 start=1645935011000 suser=No Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=3.16.103.63 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935012000 externalId=37758 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934982000 spt=50028 src=172.16.3.122 start=1645934982000 suser=No Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1796 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=69.25.109.173 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935013000 externalId=36988 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934410000 spt=41451 src=172.16.45.172 start=1645934410000 suser=No Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.6.231.21 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935012000 externalId=36690 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934982000 spt=38322 src=10.180.10.102 start=1645934982000 suser=No Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=2784 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=57228 dst=10.1.136.216 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935013000 externalId=36737 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935013000 spt=443 src=173.194.122.25 start=1645935013000 suser=No Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.25 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36736 proto=17 reason=N/A request=https://www.googleadservices.com requestClientApplication=QUIC client rt=1645935013000 spt=57228 src=10.1.136.216 start=1645935013000 suser=No Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=57228 dst=10.1.136.216 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36737 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935013000 spt=443 src=173.194.122.25 start=1645935013000 suser=No Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.25 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935013000 externalId=36736 proto=17 reason=N/A request=https://www.googleadservices.com requestClientApplication=QUIC client rt=1645935013000 spt=57228 src=10.1.136.216 start=1645935013000 suser=No Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=565 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.0.49.244 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935015000 externalId=42436 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934985000 spt=59504 src=172.16.133.78 start=1645934985000 suser=No Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=5862 bytesOut=1108 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=213.248.113.25 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935014000 externalId=37809 proto=6 reason=N/A request=https://fbcdn-photos-c-a.akamaihd.net requestClientApplication=SSL client rt=1645935014000 spt=51362 src=10.1.66.49 start=1645935014000 suser=No Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=213.248.113.25 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37809 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935014000 spt=51362 src=10.1.66.49 start=1645935014000 suser=No Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.0.49.244 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935015000 externalId=37763 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934985000 spt=59505 src=172.16.133.78 start=1645934985000 suser=No Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=5.189.170.24 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37810 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935015000 spt=49279 src=10.192.1.157 start=1645935015000 suser=No Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=116.250.191.82 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36740 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935016000 spt=52938 src=192.168.22.94 start=1645935016000 suser=No Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=BitTorrent bytesOut=146 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=31571 dst=37.112.41.113 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935018000 externalId=36743 proto=17 reason=Intrusion Block requestClientApplication=BitTorrent rt=1645935018000 spt=59370 src=10.1.64.119 start=1645935018000 suser=No Authentication Required +<13>Mar 04 
20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=162.13.132.240 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935017000 externalId=37766 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934987000 spt=59495 src=10.1.67.139 start=1645934987000 suser=No Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36741 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935017000 spt=15981 src=109.185.40.138 start=1645935017000 suser=No Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=162.13.132.240 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935018000 externalId=37771 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934987000 spt=59503 src=10.1.67.139 start=1645934987000 suser=No 
Authentication Required +<13>Mar 04 20:50:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=162.13.132.240 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935017000 externalId=37770 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934987000 spt=59501 src=10.1.67.139 start=1645934987000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=146 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=31571 dst=37.112.41.113 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36743 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935018000 spt=59370 src=10.1.64.119 start=1645935018000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=162.13.132.240 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935017000 externalId=36696 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934987000 spt=59499 src=10.1.67.139 
start=1645934987000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=162.13.132.240 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935017000 externalId=37769 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934987000 spt=59500 src=10.1.67.139 start=1645934987000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=162.13.132.240 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935017000 externalId=36695 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934987000 spt=59498 src=10.1.67.139 start=1645934987000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=381 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36744 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935018000 
spt=31571 src=37.112.41.113 start=1645935018000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=162.13.132.240 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935018000 externalId=37772 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934987000 spt=59504 src=10.1.67.139 start=1645934987000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=162.13.132.240 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935017000 externalId=36697 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934987000 spt=59502 src=10.1.67.139 start=1645934987000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=15981 dst=109.185.40.138 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42483 proto=17 reason=N/A 
requestClientApplication=BitTorrent rt=1645935017000 spt=59370 src=10.1.189.108 start=1645935017000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=162.13.132.240 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935017000 externalId=42438 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934987000 spt=59496 src=10.1.67.139 start=1645934987000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=162.13.132.240 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935017000 externalId=36694 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934987000 spt=59497 src=10.1.67.139 start=1645934987000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=381 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 
end=1645934082000 externalId=35378 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934082000 spt=31571 src=37.112.41.113 start=1645934082000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=52.203.110.190 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36745 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935019000 spt=49189 src=10.1.212.166 start=1645935019000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:16282|PUA-P2P Bittorrent uTP peer request|7|act=Blocked app=BitTorrent cat=Misc Activity cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=16282 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=31571 dst=37.112.41.113 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56264 proto=UDP requestClientApplication=BitTorrent rt=1645935018000 spt=59370 src=10.1.64.119 start=1645935018000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1={S psd1:ad2:id20:HkPHaS.T^RY9:info_hash20:6L\|53b1e1:q9:get_peers1:t2:%1:v4:LT 1:y1:qe cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=56264 rt=1645935018000 start=1645935018000 +<13>Mar 04 20:50:50 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=58836 dst=89.103.133.9 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935020000 externalId=42442 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934990000 spt=51483 src=10.1.211.126 start=1645934990000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=58836 dst=89.103.133.9 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935020000 externalId=37774 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934990000 spt=51810 src=10.1.211.126 start=1645934990000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=58836 dst=89.103.133.9 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935020000 externalId=37773 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934990000 spt=51698 src=10.1.211.126 start=1645934990000 suser=No Authentication Required 
+<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=58836 dst=89.103.133.9 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935020000 externalId=42443 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934990000 spt=52612 src=10.1.211.126 start=1645934990000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=58836 dst=89.103.133.9 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935020000 externalId=37775 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934990000 spt=52299 src=10.1.211.126 start=1645934990000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2278 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=12.133.50.22 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935021000 externalId=36999 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934418000 spt=50156 src=10.1.154.192 
start=1645934418000 suser=No Authentication Required +<13>Mar 04 20:50:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.243.192.249 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42484 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935021000 spt=64484 src=172.16.133.54 start=1645935021000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=5211 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.243.192.249 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36746 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935021000 spt=64482 src=172.16.133.54 start=1645935021000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=push.apple.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935022000 externalId=42485 proto=17 
reason=Intrusion Block requestClientApplication=DNS rt=1645935022000 spt=58728 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=37.252.163.228 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935022000 externalId=41651 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934420000 spt=51130 src=10.1.184.133 start=1645934420000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=58836 dst=89.103.133.9 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935022000 externalId=36700 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934992000 spt=52805 src=10.1.211.126 start=1645934992000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=102 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=3 
externalId=37811 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=60067 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=58836 dst=89.103.133.9 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935022000 externalId=42444 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934992000 spt=52918 src=10.1.211.126 start=1645934992000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=push.apple.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42485 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=58728 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=58836 dst=89.103.133.9 
dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935022000 externalId=36701 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934992000 spt=52896 src=10.1.211.126 start=1645934992000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=92 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42486 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=63378 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=77 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=appleid.apple.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37812 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=51882 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=72 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=sr.symcd.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36747 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=60027 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=58836 dst=89.103.133.9 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935022000 externalId=37779 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934992000 spt=53037 src=10.1.211.126 start=1645934992000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=72 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=sr.symcd.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935022000 externalId=36747 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=60027 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=174 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
destinationDnsDomain=sr.symcd.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=60027 dst=172.16.1.149 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36748 proto=17 reason=N/A requestClientApplication=DNS client rt=1645935022000 spt=53 src=172.16.1.4 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=95 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=push.apple.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=58728 dst=172.16.1.149 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42487 proto=17 reason=N/A requestClientApplication=DNS client rt=1645935022000 spt=53 src=172.16.1.4 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=mesu.apple.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37813 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=53046 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=85 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy 
cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=36-courier.push.apple.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935022000 externalId=42488 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=60310 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=85 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=36-courier.push.apple.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42488 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=60310 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=82 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=192.168.137.108essList deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37814 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=63174 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:51 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=58836 dst=89.103.133.9 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935022000 externalId=36702 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934992000 spt=53088 src=10.1.211.126 start=1645934992000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=gateway.icloud.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36749 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=53232 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=312 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=36-courier.push.apple.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=60310 dst=172.16.1.149 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42490 proto=17 reason=N/A requestClientApplication=DNS client rt=1645935022000 spt=53 
src=172.16.1.4 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=58836 dst=89.103.133.9 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935022000 externalId=36703 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934992000 spt=53124 src=10.1.211.126 start=1645934992000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=128 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.max-headroom.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37816 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=53563 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=87 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=api-glb-hou.smoot.apple.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 
dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37815 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=58344 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=80 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=time-macos.apple.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42492 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=61881 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=67.217.64.244 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935023000 externalId=37005 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934420000 spt=56079 src=172.16.133.207 start=1645934420000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=69 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=apple.com deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42491 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=50456 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=73 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.apple.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42493 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=62674 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=67.217.64.244 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935023000 externalId=37006 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934420000 spt=56085 src=172.16.133.207 start=1645934420000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=84 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory destinationDnsDomain=1-courier.push.apple.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42495 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=63532 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=67.217.64.244 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935023000 externalId=37007 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934420000 spt=56091 src=172.16.133.207 start=1645934420000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=92 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=1-courier.sandbox.push.apple.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42494 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=52077 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=73 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.apple.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935022000 externalId=42493 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=62674 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=193 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=time-macos.apple.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=61881 dst=172.16.1.149 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42498 proto=17 reason=N/A requestClientApplication=DNS client rt=1645935022000 spt=53 src=172.16.1.4 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=87 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=_ldap._tcp.max-headroom.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42499 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=52656 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=224 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.apple.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=62674 dst=172.16.1.149 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42497 proto=17 reason=N/A requestClientApplication=DNS client rt=1645935022000 spt=53 src=172.16.1.4 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=80 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=time-macos.apple.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935022000 externalId=42492 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=61881 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=91 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=_kerberos._udp.MAX-HEADROOM.COM deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935022000 externalId=42501 proto=17 reason=N/A 
requestClientApplication=DNS rt=1645935022000 spt=53468 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=91 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=_kerberos._udp.MAX-HEADROOM.COM deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42501 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=53468 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=87 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=_ldap._tcp.max-headroom.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935022000 externalId=42499 proto=17 reason=N/A requestClientApplication=DNS rt=1645935022000 spt=52656 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=155 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=_ldap._tcp.max-headroom.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52656 dst=172.16.1.149 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42500 proto=17 reason=N/A requestClientApplication=DNS client rt=1645935022000 spt=53 src=172.16.1.4 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=159 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=_kerberos._udp.MAX-HEADROOM.COM deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53468 dst=172.16.1.149 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42502 proto=17 reason=N/A requestClientApplication=DNS client rt=1645935022000 spt=53 src=172.16.1.4 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=58836 dst=89.103.133.9 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935022000 externalId=42445 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934992000 spt=53336 src=10.1.211.126 start=1645934992000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:25080|APP-DETECT Apple Messages push.apple.com DNS TXT request attempt|9|act=Blocked app=Unknown cat=Misc Activity cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule 
cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=25080 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.1.4 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122012 proto=UDP requestClientApplication=DNS rt=1645935022000 spt=58728 src=172.16.1.149 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1=h 5 (q  pushapplecom   cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=122012 rt=1645935022000 start=1645935022000 +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=157.56.234.137 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42503 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935023000 spt=64737 src=172.16.133.44 start=1645935023000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.58 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935024000 externalId=41655 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934421000 spt=56515 src=10.1.121.240 
start=1645934421000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=58836 dst=89.103.133.9 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935023000 externalId=42446 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934993000 spt=57064 src=10.1.211.126 start=1645934993000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=3099 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=31.13.73.26 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935025000 externalId=42447 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934995000 spt=59376 src=172.16.133.16 start=1645934995000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=89.1.11.151 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935025000 externalId=41658 proto=6 reason=N/A requestClientApplication=Unknown 
rt=1645934423000 spt=49226 src=10.1.74.153 start=1645934423000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=50.31.164.175 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935025000 externalId=35903 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934423000 spt=63927 src=10.1.15.72 start=1645934423000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=4927 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=89.1.11.151 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935025000 externalId=37011 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934423000 spt=49227 src=10.1.74.153 start=1645934423000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=3255 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=89.1.11.151 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935025000 externalId=35905 proto=6 
reason=N/A requestClientApplication=Unknown rt=1645934423000 spt=49228 src=10.1.74.153 start=1645934423000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=31.13.73.26 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935025000 externalId=37782 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934995000 spt=59379 src=172.16.133.16 start=1645934995000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.178.147.23 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42504 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935025000 spt=49188 src=172.16.45.52 start=1645935025000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 
externalId=42505 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935026000 spt=25251 src=174.64.11.51 start=1645935026000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25251 dst=174.64.11.51 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36753 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935026000 spt=59370 src=10.1.214.251 start=1645935026000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36755 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935027000 spt=41696 src=110.175.174.174 start=1645935027000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=41696 dst=110.175.174.174 
dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36754 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935027000 spt=59370 src=10.1.236.234 start=1645935027000 suser=No Authentication Required +<13>Mar 04 20:50:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=BitTorrent bytesOut=208 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=89.236.168.125 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935028000 externalId=37819 proto=17 reason=Intrusion Block requestClientApplication=BitTorrent rt=1645935028000 spt=63448 src=10.1.34.172 start=1645935028000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=89.236.168.125 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37820 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935028000 spt=49901 src=10.1.34.172 start=1645935028000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=89.236.168.125 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37819 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935028000 spt=63448 src=10.1.34.172 start=1645935028000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesIn=282 bytesOut=409 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=89.236.168.125 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935028000 externalId=37820 proto=6 reason=N/A requestClientApplication=BitTorrent rt=1645935028000 spt=49901 src=10.1.34.172 start=1645935028000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:16282|PUA-P2P Bittorrent uTP peer request|8|act=Blocked app=BitTorrent cat=Misc Activity cn1Label=vlan cn2=4 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=16282 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=89.236.168.125 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187715 proto=UDP requestClientApplication=BitTorrent rt=1645935028000 spt=63448 src=10.1.34.172 start=1645935028000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= p>\"d1:ad2:id20:oyHLlJwj9:info_hash20:X\][ms}e1:q9:get_peers1:t2:O1:v4:LT 1:y1:qe cs1Label=payload deviceExternalId=1 
dvchost=CSTA-vFTD-Production externalId=187715 rt=1645935028000 start=1645935028000 +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=270 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=162.159.200.1 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645933950000 externalId=40814 proto=17 reason=N/A requestClientApplication=NTP client rt=1645933817000 spt=123 src=10.180.10.102 start=1645933817000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=327 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36757 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935030000 spt=6881 src=62.107.141.157 start=1645935030000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=6881 dst=62.107.141.157 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36756 proto=17 reason=N/A 
requestClientApplication=BitTorrent rt=1645935030000 spt=59370 src=10.1.14.95 start=1645935030000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=162.159.200.1 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42508 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935030000 spt=123 src=10.180.10.102 start=1645935030000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.36.113.23 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935030000 externalId=42456 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935000000 spt=49593 src=192.168.1.95 start=1645935000000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=172.16.133.233 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935031000 externalId=42469 
proto=6 reason=N/A requestClientApplication=Unknown rt=1645935001000 spt=22318 src=172.16.125.220 start=1645935001000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.183.248.197 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36758 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935031000 spt=49743 src=192.168.1.95 start=1645935031000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=209.15.36.31 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37823 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935032000 spt=46003 src=10.1.171.87 start=1645935032000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=209.15.36.31 
dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36759 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935032000 spt=46002 src=10.1.171.87 start=1645935032000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=352 bytesOut=206 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=209.15.36.31 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935032000 externalId=36759 proto=6 reason=N/A requestClientApplication=Web browser rt=1645935032000 spt=46002 src=10.1.171.87 start=1645935032000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.219.120.244 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935034000 externalId=37802 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935004000 spt=64769 src=10.1.51.192 start=1645935004000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.219.120.244 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935034000 externalId=36728 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935004000 spt=64775 src=10.1.51.192 start=1645935004000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=208.47.254.34 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935034000 externalId=37033 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934432000 spt=53082 src=10.1.208.65 start=1645934432000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.100.103 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36763 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935033000 spt=49173 src=10.1.158.117 start=1645935033000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.125.226.26 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37828 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935034000 spt=59120 src=172.16.133.78 start=1645935034000 suser=No Authentication Required +<13>Mar 04 20:50:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=6578 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=107.21.255.53 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935035000 externalId=36730 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935005000 spt=64755 src=172.16.133.54 start=1645935005000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=ICMP bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=3 dst=172.16.133.234 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37829 proto=1 reason=N/A requestClientApplication=ICMP client rt=1645935035000 spt=3 src=50.78.11.102 start=1645935035000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:402|PROTOCOL-ICMP destination unreachable port unreachable packet detected|2|act=Blocked app=ICMP cat=A System Call was Detected cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=402 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=3 dst=172.16.133.234 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187716 proto=ICMP requestClientApplication=ICMP client rt=1645935035000 spt=3 src=50.78.11.102 start=1645935035000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=49153 dst=50.78.11.102 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42515 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935035000 spt=49151 src=172.16.133.234 start=1645935035000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=1514 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=49154 dst=50.78.11.102 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36765 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935035000 spt=49151 src=172.16.133.234 start=1645935035000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block 
app=ICMP bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=3 dst=172.16.133.234 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935035000 externalId=37829 proto=1 reason=Intrusion Block requestClientApplication=ICMP client rt=1645935035000 spt=3 src=50.78.11.102 start=1645935035000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:129:15|STREAM5_BAD_RST|6|act=Blocked app=Unknown cat=Attempted Denial of Service cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=15 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.235.102.45 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122013 proto=TCP requestClientApplication=Unknown rt=1645935036000 spt=50238 src=172.16.3.122 start=1645935036000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:16282|PUA-P2P Bittorrent uTP peer request|7|act=Blocked app=BitTorrent cat=Misc Activity cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=16282 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63448 dst=10.0.0.201 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122015 proto=UDP 
requestClientApplication=BitTorrent rt=1645935037000 spt=39052 src=59.11.225.233 start=1645935037000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:16282|PUA-P2P Bittorrent uTP peer request|8|act=Blocked app=BitTorrent cat=Misc Activity cn1Label=vlan cn2=4 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=16282 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=39052 dst=59.11.225.233 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122014 proto=UDP requestClientApplication=BitTorrent rt=1645935037000 spt=63448 src=10.1.154.173 start=1645935037000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1=>)cI~ P *c cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=122013 rt=1645935036000 start=1645935036000 +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= p d1:ad2:id20:ma2.8&9:info_hash20:@y:XnYIQe1:q9:get_peers1:t2:'1:v4:LT1:y1:qe cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=122015 rt=1645935037000 start=1645935037000 +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= p d1:ad2:id20:oyHLlJwj9:info_hash20:LPq~ne1:q9:get_peers1:t2:c1:v4:LT 1:y1:qe cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=122014 rt=1645935037000 start=1645935037000 +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.212.108.191 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935037000 externalId=42475 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935007000 spt=63089 src=10.1.84.249 start=1645935007000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=352 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63448 dst=10.0.0.201 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42518 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935037000 spt=39052 src=59.11.225.233 start=1645935037000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=146 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=39052 dst=59.11.225.233 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42517 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935037000 spt=63448 src=10.1.154.173 start=1645935037000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.212.108.191 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935037000 externalId=42476 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935007000 spt=63090 src=10.1.84.249 start=1645935007000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesOut=132 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.235.102.45 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935036000 externalId=42516 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645935036000 spt=50238 src=172.16.3.122 start=1645935036000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=BitTorrent bytesOut=146 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=39052 dst=59.11.225.233 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935037000 externalId=42517 proto=17 reason=Intrusion Block requestClientApplication=BitTorrent rt=1645935037000 spt=63448 src=10.1.154.173 start=1645935037000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=BitTorrent bytesOut=1202 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63448 dst=10.0.0.201 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935037000 externalId=42518 proto=17 reason=Intrusion Block requestClientApplication=BitTorrent rt=1645935037000 spt=39052 src=59.11.225.233 start=1645935037000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=41403 dst=82.31.126.249 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36769 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935038000 spt=59370 src=10.1.240.227 start=1645935038000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=327 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36770 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935038000 spt=41403 src=82.31.126.249 start=1645935038000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow 
app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.212.108.191 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935039000 externalId=37805 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935009000 spt=63112 src=10.1.84.249 start=1645935009000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.212.108.191 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935039000 externalId=36731 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935009000 spt=63109 src=10.1.84.249 start=1645935009000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.212.108.191 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935039000 externalId=36732 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935009000 spt=63110 src=10.1.84.249 start=1645935009000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.211.160.15 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935038000 externalId=42521 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935038000 spt=49191 src=172.16.4.193 start=1645935038000 suser=No Authentication Required +<13>Mar 04 20:50:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.212.108.191 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935039000 externalId=37804 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935009000 spt=63111 src=10.1.84.249 start=1645935009000 suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=14679 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.211.160.15 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935038000 externalId=42520 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935038000 spt=49190 src=172.16.4.193 start=1645935038000 suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=34.224.160.214 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935040000 externalId=42529 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935040000 spt=49704 src=10.1.229.38 start=1645935040000 suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=34.224.160.214 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935040000 externalId=36773 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935040000 spt=49703 src=10.1.229.38 start=1645935040000 suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=738 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.30.228.58 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935040000 externalId=41688 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934437000 spt=49910 src=10.1.92.210 start=1645934437000 suser=No Authentication Required 
+<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.30.228.58 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935040000 externalId=41687 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934437000 spt=49905 src=10.1.92.210 start=1645934437000 suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1347 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.83.196.91 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935041000 externalId=41690 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934439000 spt=50220 src=10.1.55.110 start=1645934439000 suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=60 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=50343 dst=101.179.82.252 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37837 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935041000 spt=34862 src=10.1.54.155 start=1645935041000 
suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.86.213.195 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935040000 externalId=37806 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935010000 spt=63264 src=10.1.25.33 start=1645935010000 suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.86.213.195 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935040000 externalId=37807 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935010000 spt=63265 src=10.1.25.33 start=1645935010000 suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=68 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37838 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935041000 spt=50343 src=101.179.82.252 
start=1645935041000 suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=68 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935041000 externalId=37838 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935041000 spt=50343 src=101.179.82.252 start=1645935041000 suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=60 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=50343 dst=101.179.82.252 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935041000 externalId=37837 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935041000 spt=34862 src=10.1.54.155 start=1645935041000 suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.39.3 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935041000 externalId=42481 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645935011000 spt=49165 src=192.168.137.81 start=1645935011000 suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37844 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=54088 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37842 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=54079 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.39.3 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935041000 
externalId=36735 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935011000 spt=49166 src=192.168.137.81 start=1645935011000 suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36780 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=54092 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42530 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=54074 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 
dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42532 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=54076 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:50:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42535 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=54082 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36778 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=54080 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.171.85.114 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42537 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=53496 src=10.1.166.205 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42534 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=54083 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42536 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=54090 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=107 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=85.87.241.113 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935042000 externalId=42538 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935042000 spt=59370 src=10.1.121.56 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=107 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=85.87.241.113 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42538 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935042000 spt=59370 src=10.1.121.56 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=46.137.90.8 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935042000 externalId=37808 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935012000 spt=64559 src=10.1.54.199 start=1645935012000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.125.226.89 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37851 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935043000 spt=49257 src=10.1.253.207 start=1645935043000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1737 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.226.89 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935043000 externalId=37852 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935043000 spt=49283 src=10.1.253.207 start=1645935043000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.125.226.89 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36782 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935043000 spt=49258 src=10.1.253.207 start=1645935043000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.183.248.197 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935031000 externalId=36758 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935031000 spt=49743 src=192.168.1.95 start=1645935031000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=846 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.125.226.89 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935043000 externalId=36785 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935043000 spt=49349 src=10.1.253.207 start=1645935043000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.226.89 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36784 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935043000 spt=49284 src=10.1.253.207 start=1645935043000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=66.235.139.205 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935043000 externalId=35956 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934441000 spt=53653 src=10.1.99.22 start=1645934441000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.12.162 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37853 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935043000 spt=49208 src=10.1.37.92 start=1645935043000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=74 bytesOut=140 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.70.84 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935044000 externalId=42540 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645935044000 spt=53152 src=10.1.35.197 start=1645935044000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=4020 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.25 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935043000 externalId=42482 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935013000 spt=50448 src=10.1.136.216 start=1645935013000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.63.65.234 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37855 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935044000 spt=54790 src=10.1.4.113 start=1645935044000 suser=No Authentication Required +<13>Mar 04 20:50:57 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.63.65.234 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37856 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935044000 spt=55836 src=10.1.4.113 start=1645935044000 suser=No Authentication 
Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.70.84 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42540 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935044000 spt=53152 src=10.1.35.197 start=1645935044000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.63.65.234 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37859 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935044000 spt=55840 src=10.1.4.113 start=1645935044000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:13719|SERVER-ORACLE database username buffer overflow|7|act=Blocked app=Unknown cat=A Suspicious String was Detected cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=13719 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.70.84 dvchost=CSTA-vFTD-Production 
dvcpid=2 externalId=122016 proto=TCP requestClientApplication=Unknown rt=1645935044000 spt=53152 src=10.1.35.197 start=1645935044000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=58 bytesOut=128 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=37.58.79.176 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935045000 externalId=36788 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645935045000 spt=49244 src=10.1.43.51 start=1645935045000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=327 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42542 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935045000 spt=58031 src=188.124.92.254 start=1645935045000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=37.58.79.176 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36788 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935045000 spt=49244 src=10.1.43.51 start=1645935045000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=58031 dst=188.124.92.254 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37860 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935045000 spt=59370 src=10.1.86.4 start=1645935045000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:13719|SERVER-ORACLE database username buffer overflow|7|act=Blocked app=Unknown cat=A Suspicious String was Detected cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=13719 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=37.58.79.176 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56265 proto=TCP requestClientApplication=Unknown rt=1645935045000 spt=49244 src=10.1.43.51 start=1645935045000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2548 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=5.189.170.24 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935045000 externalId=36739 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935015000 spt=49278 src=10.192.1.157 start=1645935015000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.67.33.204 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935047000 externalId=36742 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935017000 spt=34474 src=10.180.10.102 start=1645935017000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=168.63.15.132 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935047000 externalId=35973 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934445000 spt=49255 src=10.1.219.14 start=1645934445000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=3668 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy 
cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.244.43.48 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935049000 externalId=41719 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934446000 spt=49882 src=10.1.181.124 start=1645934446000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=208.67.72.50 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42544 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935051000 spt=123 src=10.180.10.102 start=1645935051000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.20.9.174 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935052000 externalId=42496 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935022000 spt=51992 src=10.180.10.102 start=1645935022000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=157.56.234.137 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935053000 externalId=36751 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935023000 spt=64727 src=172.16.133.44 start=1645935023000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.55.169.202 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36791 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935054000 spt=51737 src=172.16.1.141 start=1645935054000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=66.228.59.187 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42545 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935055000 spt=123 src=10.180.10.102 start=1645935055000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2797 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=94.23.50.33 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935054000 externalId=37817 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935024000 spt=49225 src=172.16.1.201 start=1645935024000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1363 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=94.23.50.33 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935054000 externalId=36752 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935024000 spt=49226 src=172.16.1.201 start=1645935024000 suser=No Authentication Required +<13>Mar 04 20:50:58 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=208.71.121.194 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935055000 externalId=37093 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934453000 spt=52095 src=10.1.135.12 start=1645934453000 suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=208.71.121.194 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935055000 externalId=41743 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934453000 spt=52003 src=10.1.135.12 start=1645934453000 suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.178.147.23 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935055000 externalId=37818 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935025000 spt=49187 src=172.16.45.52 start=1645935025000 suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=93.184.220.74 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37863 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935056000 spt=49350 src=10.1.156.223 start=1645935056000 suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=93.184.220.74 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37864 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935056000 spt=49351 src=10.1.156.223 start=1645935056000 suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=93.184.220.74 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935057000 externalId=37863 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935056000 spt=49350 src=10.1.156.223 start=1645935056000 suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=93.184.220.74 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935057000 externalId=37864 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935056000 spt=49351 src=10.1.156.223 start=1645935056000 suser=No Authentication Required 
+<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.20.10.174 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935057000 externalId=42506 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935027000 spt=59098 src=10.180.10.102 start=1645935027000 suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.173.190.13 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36794 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935058000 spt=60506 src=10.1.139.112 start=1645935058000 suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=213.189.27.250 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935059000 externalId=42507 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935029000 spt=49264 src=10.1.240.15 start=1645935029000 
suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1269 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=198.232.125.32 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935060000 externalId=41761 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934457000 spt=61230 src=10.1.235.173 start=1645934457000 suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=40381 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=198.232.125.32 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935060000 externalId=37107 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934457000 spt=61219 src=10.1.235.173 start=1645934457000 suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=198.232.125.32 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935060000 externalId=41771 proto=6 reason=N/A requestClientApplication=Unknown 
rt=1645934457000 spt=61245 src=10.1.235.173 start=1645934457000 suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=9778 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=198.232.125.32 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935060000 externalId=37106 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934457000 spt=61213 src=10.1.235.173 start=1645934457000 suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.183.248.197 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935061000 externalId=37821 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935031000 spt=49741 src=192.168.1.95 start=1645935031000 suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=19767 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=198.232.125.32 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935060000 
externalId=41772 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934458000 spt=61325 src=10.1.235.173 start=1645934458000 suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.183.248.197 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935061000 externalId=36783 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935043000 spt=49743 src=192.168.1.95 start=1645935043000 suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.85.162.94 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935062000 externalId=37868 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645935062000 spt=56123 src=10.1.33.94 start=1645935062000 suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
dpt=80 dst=54.85.162.94 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37867 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935062000 spt=56122 src=10.1.33.94 start=1645935062000 suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.85.162.94 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42547 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935062000 spt=56128 src=10.1.33.94 start=1645935062000 suser=No Authentication Required +<13>Mar 04 20:50:59 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=142 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=843 dst=54.85.162.94 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36795 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935062000 spt=56127 src=10.1.33.94 start=1645935062000 suser=No Authentication Required +<13>Mar 04 20:51:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.85.162.94 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37868 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935062000 spt=56123 src=10.1.33.94 start=1645935062000 suser=No Authentication Required +<13>Mar 04 20:51:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1420 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=195.113.232.80 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935063000 externalId=36761 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935033000 spt=49395 src=10.1.152.120 start=1645935033000 suser=No Authentication Required +<13>Mar 04 20:51:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=195.113.232.80 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935063000 externalId=42509 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935033000 spt=49403 src=10.1.152.120 start=1645935033000 suser=No Authentication Required +<13>Mar 04 20:51:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:29957|SERVER-OTHER Kolibri HTTP Server uri buffer overflow attempt|8|act=Blocked app=Unknown cat=Known client side exploit attempt cn1Label=vlan cn2=4 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=29957 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.85.162.94 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187717 proto=TCP requestClientApplication=Unknown rt=1645935062000 spt=56123 src=10.1.33.94 start=1645935062000 suser=No Authentication Required +<13>Mar 04 20:51:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.100.103 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935063000 externalId=37824 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935033000 spt=49175 src=10.1.158.117 start=1645935033000 suser=No Authentication Required +<13>Mar 04 20:51:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=178.79.214.0 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935064000 externalId=37825 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935034000 spt=57403 src=10.1.100.185 start=1645935034000 suser=No Authentication Required +<13>Mar 04 20:51:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy 
cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.100.103 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935063000 externalId=36763 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935033000 spt=49173 src=10.1.158.117 start=1645935033000 suser=No Authentication Required +<13>Mar 04 20:51:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.100.103 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935063000 externalId=42511 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935033000 spt=49174 src=10.1.158.117 start=1645935033000 suser=No Authentication Required +<13>Mar 04 20:51:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.100.103 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935063000 externalId=42510 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935033000 spt=49171 src=10.1.158.117 start=1645935033000 suser=No Authentication Required +<13>Mar 04 20:51:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=178.79.214.0 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935064000 externalId=37826 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935034000 spt=57404 src=10.1.100.185 start=1645935034000 suser=No Authentication Required +<13>Mar 04 20:51:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.100.103 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935063000 externalId=36762 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935033000 spt=49172 src=10.1.158.117 start=1645935033000 suser=No Authentication Required +<13>Mar 04 20:51:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=178.79.214.0 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935064000 externalId=42513 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935034000 spt=57402 src=10.1.100.185 start=1645935034000 suser=No Authentication Required +<13>Mar 04 20:51:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=178.79.214.0 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935064000 externalId=37827 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935034000 spt=57405 src=10.1.100.185 start=1645935034000 suser=No Authentication Required +<13>Mar 04 20:51:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=178.79.214.0 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935064000 externalId=42512 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935034000 spt=57401 src=10.1.100.185 start=1645935034000 suser=No Authentication Required +<13>Mar 04 20:51:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.100.103 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935063000 externalId=36764 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935033000 spt=49176 src=10.1.158.117 start=1645935033000 suser=No Authentication Required +<13>Mar 04 20:51:00 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=178.79.214.0 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935064000 externalId=42514 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935034000 spt=57406 src=10.1.100.185 start=1645935034000 suser=No Authentication Required +<13>Mar 04 20:51:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=7898 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.193.163 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935065000 externalId=36767 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935035000 spt=49238 src=10.1.190.175 start=1645935035000 suser=No Authentication Required +<13>Mar 04 20:51:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=70 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=30124 dst=172.31.1.4 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36798 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935066000 spt=34862 src=10.1.70.196 start=1645935066000 suser=No Authentication Required 
+<13>Mar 04 20:51:00 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=70 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=30124 dst=172.31.1.4 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935066000 externalId=36798 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935066000 spt=34862 src=10.1.70.196 start=1645935066000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=92.123.196.84 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935067000 externalId=37831 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935037000 spt=49276 src=10.1.241.14 start=1645935037000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=165 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=210.94.0.7 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42551 proto=17 reason=N/A requestClientApplication=DNS client rt=1645935067000 spt=32789 src=10.1.72.203 start=1645935067000 suser=No 
Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=52.27.0.191 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935068000 externalId=36768 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935038000 spt=50418 src=172.16.3.122 start=1645935038000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=11378 dst=152.78.243.7 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935069000 externalId=37833 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935039000 spt=49618 src=10.1.50.59 start=1645935039000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=11378 dst=152.78.243.7 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935069000 externalId=37832 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935039000 spt=49588 src=10.1.50.59 
start=1645935039000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=178.62.92.47 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935069000 externalId=42525 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935039000 spt=43254 src=10.1.186.119 start=1645935039000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=11378 dst=152.78.243.7 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935069000 externalId=36771 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935039000 spt=49595 src=10.1.50.59 start=1645935039000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=178.62.92.47 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935069000 externalId=42524 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935039000 
spt=43253 src=10.1.186.119 start=1645935039000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=11378 dst=152.78.243.7 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935069000 externalId=42527 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935039000 spt=49609 src=10.1.50.59 start=1645935039000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=178.62.92.47 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935069000 externalId=42522 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935039000 spt=43251 src=10.1.186.119 start=1645935039000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=178.62.92.47 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935069000 externalId=42523 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645935039000 spt=43252 src=10.1.186.119 start=1645935039000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=11378 dst=152.78.243.7 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935069000 externalId=36772 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935039000 spt=49603 src=10.1.50.59 start=1645935039000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=11378 dst=152.78.243.7 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935069000 externalId=42526 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935039000 spt=49578 src=10.1.50.59 start=1645935039000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.43.34 dvchost=CSTA-vFTD-Production dvcpid=1 
externalId=36800 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935069000 spt=60592 src=10.1.21.175 start=1645935069000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=34.224.160.214 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935070000 externalId=37834 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935040000 spt=49700 src=10.1.229.38 start=1645935040000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=5.153.20.140 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42552 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935069000 spt=49886 src=10.0.2.200 start=1645935069000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=750 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.226.227 
dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935070000 externalId=37836 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935040000 spt=50082 src=172.16.133.40 start=1645935040000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=34.224.160.214 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935070000 externalId=42528 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935040000 spt=49699 src=10.1.229.38 start=1645935040000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=5.153.20.140 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935070000 externalId=42553 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935070000 spt=49893 src=10.0.2.200 start=1645935070000 suser=No Authentication Required +<13>Mar 04 20:51:01 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=5.153.20.140 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42553 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935070000 spt=49893 src=10.0.2.200 start=1645935070000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-dgm bytesOut=243 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=138 dst=172.16.133.255 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37876 proto=17 reason=N/A requestClientApplication=NetBIOS-dgm rt=1645935070000 spt=138 src=10.1.210.240 start=1645935070000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-ns bytesOut=92 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=137 dst=172.16.133.255 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935070000 externalId=42554 proto=17 reason=N/A requestClientApplication=NetBIOS-ns rt=1645935070000 spt=137 src=10.1.210.240 start=1645935070000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-ns bytesOut=92 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=137 dst=172.16.133.255 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42554 proto=17 reason=N/A requestClientApplication=NetBIOS-ns rt=1645935070000 spt=137 src=10.1.210.240 start=1645935070000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=178.255.83.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935071000 externalId=36775 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935041000 spt=52001 src=10.1.41.98 start=1645935041000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=5811 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.49.183.44 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935071000 externalId=37841 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935041000 spt=49321 src=172.16.2.169 start=1645935041000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.207.88.186 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42556 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935071000 spt=49278 src=10.1.3.19 start=1645935071000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=108.177.122.113 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935072000 externalId=42557 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645935072000 spt=49203 src=172.16.2.219 start=1645935072000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=108.177.122.113 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935072000 externalId=42558 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645935072000 spt=49216 src=172.16.2.219 start=1645935072000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935072000 externalId=37842 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=54079 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935072000 externalId=37843 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=54081 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935072000 externalId=36779 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=54089 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=108.177.122.113 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42557 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935072000 spt=49203 src=172.16.2.219 start=1645935072000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1430 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935072000 externalId=36776 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=54073 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935072000 externalId=37845 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=54091 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=HTTP bytesIn=1824 bytesOut=552 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.121 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935072000 externalId=41815 proto=6 reason=N/A request="http://1.gravatar.com/avatar/7d5d286d346b05ab2d6fbe25778891e1?s=65&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D65&r=G" requestClientApplication=Chrome rt=1645934470000 spt=50140 src=172.16.133.40 start=1645934470000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935072000 externalId=42531 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=54075 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935072000 externalId=42533 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645935042000 spt=54077 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935072000 externalId=36777 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=54078 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:51:02 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935072000 externalId=37846 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=54093 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935072000 externalId=36780 
proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=54092 src=10.1.185.35 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=85.87.241.113 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935072000 externalId=37848 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=43759 src=10.1.121.56 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=85.87.241.113 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935072000 externalId=37850 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935042000 spt=49609 src=10.1.121.56 start=1645935042000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2920 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.121 dvchost=CSTA-vFTD-Production 
dvcpid=3 end=1645935072000 externalId=37157 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934470000 spt=50142 src=172.16.133.40 start=1645934470000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1670 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.121 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935072000 externalId=36052 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934470000 spt=50139 src=172.16.133.40 start=1645934470000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1460 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.121 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935073000 externalId=37156 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934470000 spt=50141 src=172.16.133.40 start=1645934470000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1596 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.121 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935073000 externalId=37155 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934470000 spt=50137 src=172.16.133.40 start=1645934470000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.121 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935073000 externalId=41816 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934470000 spt=50145 src=172.16.133.40 start=1645934470000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=541 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.121 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935073000 externalId=36057 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934471000 spt=50270 src=172.16.133.40 start=1645934471000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=12205 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=208.47.254.82 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935073000 externalId=37158 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934471000 spt=60500 src=10.1.230.212 start=1645934471000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.121 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935073000 externalId=41817 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934471000 spt=50268 src=172.16.133.40 start=1645934471000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Flash Video bytesIn=113 bytesOut=23 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=843 dst=54.208.9.225 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935073000 externalId=36060 proto=6 reason=N/A requestClientApplication=Flash Video client rt=1645934471000 spt=63503 src=10.1.5.2 start=1645934471000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=6436 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone 
cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.121 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935073000 externalId=37154 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934470000 spt=50135 src=172.16.133.40 start=1645934470000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=987 bytesOut=2156 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.121 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935073000 externalId=36055 proto=6 reason=N/A request="http://www.gravatar.com/avatar/405fa83edf86f248782789f09898bfaf?default=http%3A%2F%2Fmediacdn.disqus.com%2F1361820143%2Fimages%2Fnoavatar92.png&size=92" requestClientApplication=Chrome rt=1645934470000 spt=50212 src=172.16.133.40 start=1645934470000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=69.147.86.12 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37882 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935073000 spt=49164 src=10.1.52.95 start=1645935073000 suser=No Authentication Required +<13>Mar 04 20:51:03 
splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:39686|MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt|10|act=Blocked app=Unknown cat=Generic Protocol Command Decode cn1Label=vlan cn2=1 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=39686 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=108.177.122.113 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122017 proto=TCP requestClientApplication=Unknown rt=1645935072000 spt=49203 src=172.16.2.219 start=1645935072000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:129:15|STREAM5_BAD_RST|6|act=Blocked app=Unknown cat=Attempted Denial of Service cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=15 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=108.177.122.113 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122018 proto=TCP requestClientApplication=Unknown rt=1645935072000 spt=49216 src=172.16.2.219 start=1645935072000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1=@ PL0qDP 3 cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=122018 rt=1645935072000 start=1645935072000 +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2904 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.63.65.234 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935074000 externalId=42541 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935044000 spt=55837 src=10.1.4.113 start=1645935044000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=69.147.86.12 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935074000 externalId=37882 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935073000 spt=49164 src=10.1.52.95 start=1645935073000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.63.65.234 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935074000 externalId=37854 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935044000 spt=54717 src=10.1.4.113 start=1645935044000 suser=No Authentication Required +<13>Mar 04 20:51:03 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.63.65.234 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935074000 externalId=36787 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935044000 spt=55841 src=10.1.4.113 start=1645935044000 suser=No Authentication Required +<13>Mar 04 20:51:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=3797 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.63.65.234 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935074000 externalId=37857 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935044000 spt=55838 src=10.1.4.113 start=1645935044000 suser=No Authentication Required +<13>Mar 04 20:51:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=9146 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.63.65.234 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935074000 externalId=36786 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935044000 spt=54716 src=10.1.4.113 start=1645935044000 suser=No Authentication Required +<13>Mar 04 20:51:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.63.65.234 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935074000 externalId=37858 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935044000 spt=55839 src=10.1.4.113 start=1645935044000 suser=No Authentication Required +<13>Mar 04 20:51:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.63.65.234 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935074000 externalId=37856 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935044000 spt=55836 src=10.1.4.113 start=1645935044000 suser=No Authentication Required +<13>Mar 04 20:51:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=34.228.234.81 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36806 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935075000 spt=58385 src=172.16.1.141 start=1645935075000 suser=No Authentication Required +<13>Mar 04 20:51:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=138.68.201.49 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42561 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935075000 spt=123 src=10.180.10.102 start=1645935075000 suser=No Authentication Required +<13>Mar 04 20:51:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=68 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37885 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935076000 spt=34471 src=93.86.47.122 start=1645935076000 suser=No Authentication Required +<13>Mar 04 20:51:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=145 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=5.135.28.104 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935076000 externalId=41826 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934474000 spt=61590 src=10.200.2.252 start=1645934474000 suser=No Authentication Required +<13>Mar 04 20:51:04 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=468 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.205.169.32 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42562 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935075000 spt=49759 src=192.168.137.85 start=1645935075000 suser=No Authentication Required +<13>Mar 04 20:51:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.83.57.218 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935076000 externalId=36068 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934475000 spt=63997 src=10.1.103.107 start=1645934475000 suser=No Authentication Required +<13>Mar 04 20:51:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.83.57.218 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935076000 externalId=41830 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934475000 spt=63998 src=10.1.103.107 start=1645934475000 suser=No Authentication Required 
+<13>Mar 04 20:51:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=60 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=34471 dst=93.86.47.122 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935076000 externalId=36807 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935076000 spt=34862 src=10.1.230.132 start=1645935076000 suser=No Authentication Required +<13>Mar 04 20:51:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=60 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=34471 dst=93.86.47.122 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36807 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935076000 spt=34862 src=10.1.230.132 start=1645935076000 suser=No Authentication Required +<13>Mar 04 20:51:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=418 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.83.57.218 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935076000 externalId=41828 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934475000 spt=63594 src=10.1.103.107 
start=1645934475000 suser=No Authentication Required +<13>Mar 04 20:51:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Skype bytesOut=272 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935076000 externalId=37885 proto=17 reason=N/A requestClientApplication=2000000832 rt=1645935076000 spt=34471 src=93.86.47.122 start=1645935076000 suser=No Authentication Required +<13>Mar 04 20:51:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.83.57.218 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935078000 externalId=36070 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934475000 spt=64770 src=10.1.103.107 start=1645934475000 suser=No Authentication Required +<13>Mar 04 20:51:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.83.57.218 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935078000 externalId=37171 proto=6 reason=N/A requestClientApplication=Unknown 
rt=1645934475000 spt=64771 src=10.1.103.107 start=1645934475000 suser=No Authentication Required +<13>Mar 04 20:51:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=418 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.83.57.218 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935078000 externalId=37168 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934475000 spt=64335 src=10.1.103.107 start=1645934475000 suser=No Authentication Required +<13>Mar 04 20:51:04 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.83.57.218 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935078000 externalId=41831 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934475000 spt=64214 src=10.1.103.107 start=1645934475000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=65.55.52.53 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935079000 externalId=41835 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934476000 spt=49242 src=10.1.250.183 start=1645934476000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=65.55.52.53 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935079000 externalId=41836 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934476000 spt=49250 src=10.1.250.183 start=1645934476000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=89.223.100.18 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36810 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935079000 spt=49249 src=172.16.2.219 start=1645935079000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.35.109.176 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935080000 
externalId=37861 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935050000 spt=53041 src=10.1.98.173 start=1645935050000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=920 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.235.43.166 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935080000 externalId=41840 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934477000 spt=50517 src=192.168.137.62 start=1645934477000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.35.109.176 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935080000 externalId=42543 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935050000 spt=53042 src=10.1.98.173 start=1645935050000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=55607 
dst=204.85.83.100 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42573 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935080000 spt=59281 src=10.1.1.76 start=1645935080000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=91.103.140.233 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37889 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935081000 spt=57962 src=10.1.175.244 start=1645935081000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=327 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934357000 externalId=35794 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934357000 spt=53245 src=178.208.252.94 start=1645934357000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=327 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36811 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935081000 spt=53245 src=178.208.252.94 start=1645935081000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53245 dst=178.208.252.94 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37890 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935081000 spt=59370 src=10.1.150.83 start=1645935081000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=58 bytesOut=116 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=107.22.168.11 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935082000 externalId=42577 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645935082000 spt=49942 src=10.1.169.44 start=1645935082000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=65.55.206.209 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935082000 externalId=36789 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935052000 spt=55953 src=192.168.3.131 start=1645935052000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934680000 externalId=41957 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934680000 spt=43555 src=79.119.181.153 start=1645934680000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=107.22.168.11 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37892 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935082000 spt=49938 src=10.1.169.44 start=1645935082000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone 
cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=107.22.168.11 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42577 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935082000 spt=49942 src=10.1.169.44 start=1645935082000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=43555 dst=79.119.181.153 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37891 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935082000 spt=59370 src=10.1.135.29 start=1645935082000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42576 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935082000 spt=43555 src=79.119.181.153 start=1645935082000 suser=No Authentication Required +<13>Mar 04 20:51:05 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:29639|SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt|8|act=Blocked app=Unknown cat=A Suspicious String was 
Detected cn1Label=vlan cn2=4 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=29639 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=107.22.168.11 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122019 proto=TCP requestClientApplication=Unknown rt=1645935082000 spt=49942 src=10.1.169.44 start=1645935082000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=413 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.55.169.202 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935084000 externalId=37862 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935054000 spt=51734 src=172.16.1.141 start=1645935054000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.202.22.92 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935085000 externalId=36793 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935055000 spt=49223 src=192.168.1.43 start=1645935055000 suser=No Authentication Required +<13>Mar 04 20:51:06 
splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.202.22.92 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935085000 externalId=36792 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935055000 spt=49222 src=192.168.1.43 start=1645935055000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=74 bytesOut=140 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.37.241.224 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935086000 externalId=42582 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645935086000 spt=42171 src=10.1.80.113 start=1645935086000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.37.241.224 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42583 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935086000 spt=42172 src=10.1.80.113 
start=1645935086000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.37.241.224 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42582 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935086000 spt=42171 src=10.1.80.113 start=1645935086000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=85 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=bsw.digitru.st deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=192.58.128.30 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42584 proto=17 reason=N/A requestClientApplication=DNS rt=1645935086000 spt=61533 src=10.1.115.13 start=1645935086000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:13719|SERVER-ORACLE database username buffer overflow|7|act=Blocked app=Unknown cat=A Suspicious String was Detected cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=13719 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.37.241.224 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122020 proto=TCP requestClientApplication=Unknown rt=1645935086000 spt=42171 src=10.1.80.113 start=1645935086000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.37.241.224 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935087000 externalId=42583 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935086000 spt=42172 src=10.1.80.113 start=1645935086000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=7260 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=130.132.21.179 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935087000 externalId=42546 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935057000 spt=50568 src=10.1.20.67 start=1645935057000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=130.132.21.179 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935087000 externalId=37865 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935057000 spt=50569 src=10.1.20.67 start=1645935057000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.20.16.113 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42591 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=51721 src=10.1.193.5 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.20.16.113 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42590 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=51720 src=10.1.193.5 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.20.16.113 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36823 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=51724 src=10.1.193.5 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.20.16.113 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935090000 externalId=36823 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=51724 src=10.1.193.5 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=108 bytesOut=116 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.23.200.174 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37907 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935091000 spt=53746 src=10.1.126.35 start=1645935091000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone 
cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.4.195.71 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935091000 externalId=37866 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935061000 spt=49287 src=172.16.1.126 start=1645935061000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=93.184.220.74 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37909 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935092000 spt=49351 src=10.1.156.223 start=1645935092000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-dgm bytesOut=216 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=138 dst=192.168.1.255 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42593 proto=17 reason=N/A requestClientApplication=NetBIOS-dgm rt=1645935092000 spt=138 src=10.1.216.66 start=1645935092000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-ns bytesOut=110 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=137 dst=192.168.1.255 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935092000 externalId=36825 proto=17 reason=N/A requestClientApplication=NetBIOS-ns rt=1645935092000 spt=137 src=10.1.216.66 start=1645935092000 suser=No Authentication Required +<13>Mar 04 20:51:06 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-dgm bytesOut=216 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=138 dst=192.168.1.255 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935092000 externalId=42593 proto=17 reason=N/A requestClientApplication=NetBIOS-dgm rt=1645935092000 spt=138 src=10.1.216.66 start=1645935092000 suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=151.101.193.67 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935092000 externalId=36796 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935062000 spt=41368 src=10.180.10.102 start=1645935062000 suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-ns bytesOut=110 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=137 dst=192.168.1.255 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36825 proto=17 reason=N/A requestClientApplication=NetBIOS-ns rt=1645935092000 spt=137 src=10.1.216.66 start=1645935092000 suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=217.69.139.160 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935093000 externalId=42549 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935063000 spt=50245 src=10.1.189.231 start=1645935063000 suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=217.69.139.160 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935093000 externalId=37871 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935063000 spt=50322 src=10.1.189.231 start=1645935063000 suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow 
app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=91.103.142.194 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42595 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935093000 spt=52693 src=10.1.247.164 start=1645935093000 suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=91.103.142.194 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42599 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935094000 spt=53107 src=10.1.247.164 start=1645935094000 suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=91.103.142.194 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37910 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935093000 spt=58161 src=10.1.247.164 start=1645935093000 suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=91.103.142.194 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36827 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935094000 spt=53097 src=10.1.247.164 start=1645935094000 suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=91.103.142.194 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935094000 externalId=42599 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935094000 spt=53107 src=10.1.247.164 start=1645935094000 suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.2.163 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935094000 externalId=36797 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935064000 spt=43024 src=10.1.243.102 start=1645935064000 suser=No Authentication Required 
+<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=172.217.2.163 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935094000 externalId=42550 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935064000 spt=49422 src=10.1.243.102 start=1645935064000 suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=91.103.142.194 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935094000 externalId=42595 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935093000 spt=52693 src=10.1.247.164 start=1645935093000 suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=151.101.129.67 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935097000 externalId=37872 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935067000 spt=35320 src=10.180.10.102 start=1645935067000 
suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1420 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=5.153.20.140 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935100000 externalId=37874 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935069000 spt=49887 src=10.0.2.200 start=1645935069000 suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.43.34 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935099000 externalId=36800 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935069000 spt=60592 src=10.1.21.175 start=1645935069000 suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1020 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.43.34 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935099000 externalId=37873 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935069000 
spt=60591 src=10.1.21.175 start=1645935069000 suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=208.47.254.80 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935101000 externalId=37877 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935071000 spt=60502 src=10.1.142.200 start=1645935071000 suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=151.101.65.67 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935102000 externalId=36802 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935072000 spt=53500 src=10.180.10.102 start=1645935072000 suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.0.230 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935102000 externalId=37879 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645935072000 spt=49194 src=10.1.247.65 start=1645935072000 suser=No Authentication Required +<13>Mar 04 20:51:07 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.0.230 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935102000 externalId=37878 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935072000 spt=49193 src=10.1.247.65 start=1645935072000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=3515 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=69.147.86.12 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935104000 externalId=36804 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935073000 spt=49169 src=10.1.52.95 start=1645935073000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=185.63.147.10 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935105000 
externalId=37883 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935074000 spt=49508 src=10.1.55.10 start=1645935074000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=185.63.147.10 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935105000 externalId=42559 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935074000 spt=49509 src=10.1.55.10 start=1645935074000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=185.63.147.10 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935105000 externalId=36805 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935074000 spt=49511 src=10.1.55.10 start=1645935074000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=34.228.234.81 dvchost=CSTA-vFTD-Production dvcpid=1 
end=1645935105000 externalId=36806 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935075000 spt=58385 src=172.16.1.141 start=1645935075000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=622 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=34.228.234.81 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935105000 externalId=42560 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935075000 spt=58379 src=172.16.1.141 start=1645935075000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=414 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.205.169.32 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935106000 externalId=42562 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935075000 spt=49759 src=192.168.137.85 start=1645935075000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=6842 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
dpt=80 dst=23.205.169.32 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935106000 externalId=37884 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935075000 spt=49758 src=192.168.137.85 start=1645935075000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.194.180.56 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935106000 externalId=42563 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935076000 spt=49863 src=172.16.3.122 start=1645935076000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=8676 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=162.213.250.131 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935107000 externalId=42564 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935077000 spt=49350 src=10.1.29.179 start=1645935077000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=151.101.1.67 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935107000 externalId=37887 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935077000 spt=41634 src=10.180.10.102 start=1645935077000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.74.232.43 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935108000 externalId=42566 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935078000 spt=53644 src=10.1.129.18 start=1645935078000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.74.232.43 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935108000 externalId=42565 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935077000 spt=53643 src=10.1.129.18 start=1645935077000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.74.232.43 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935108000 externalId=37888 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935078000 spt=53664 src=10.1.129.18 start=1645935078000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.74.232.43 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935108000 externalId=42570 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935078000 spt=53672 src=10.1.129.18 start=1645935078000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=625 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.39.55.13 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935108000 externalId=42568 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935078000 spt=49186 src=10.1.24.227 start=1645935078000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=625 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.39.55.13 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935108000 externalId=42569 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935078000 spt=49187 src=10.1.24.227 start=1645935078000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.74.232.43 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935108000 externalId=42567 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935078000 spt=53666 src=10.1.129.18 start=1645935078000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=78768 bytesOut=951 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=7080 dst=69.195.223.154 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931508000 externalId=37608 proto=6 reason=N/A request=http://69.195.223.154:7080/ requestClientApplication=Internet Explorer rt=1645931508000 spt=49217 src=172.16.3.133 start=1645931508000 suser=No Authentication Required +<13>Mar 04 20:51:08 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.3.35 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935109000 externalId=36809 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935079000 spt=49162 src=10.1.96.220 start=1645935079000 suser=No Authentication Required +<13>Mar 04 20:51:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.3.35 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935109000 externalId=42572 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935079000 spt=49161 src=10.1.96.220 start=1645935079000 suser=No Authentication Required +<13>Mar 04 20:51:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=93.158.134.90 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935110000 externalId=42575 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935080000 spt=50290 src=192.168.1.95 start=1645935080000 suser=No Authentication Required +<13>Mar 04 20:51:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=93.158.134.90 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935110000 externalId=42574 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935080000 spt=50289 src=192.168.1.95 start=1645935080000 suser=No Authentication Required +<13>Mar 04 20:51:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=1408 bytesOut=392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=199.16.156.201 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931510000 externalId=31696 proto=6 reason=N/A request=https://syndication.twitter.com requestClientApplication=SSL client rt=1645931510000 spt=49226 src=10.1.122.28 start=1645931510000 suser=No Authentication Required +<13>Mar 04 20:51:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=38.106.34.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935113000 externalId=42578 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935082000 spt=49904 src=192.168.1.95 start=1645935082000 suser=No Authentication Required +<13>Mar 04 20:51:09 
splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=38.106.34.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935113000 externalId=37893 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935082000 spt=49905 src=192.168.1.95 start=1645935082000 suser=No Authentication Required +<13>Mar 04 20:51:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=192.168.0.109 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935113000 externalId=42579 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935083000 spt=49926 src=10.1.153.78 start=1645935083000 suser=No Authentication Required +<13>Mar 04 20:51:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=192.168.0.109 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935113000 externalId=36813 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935083000 spt=49849 src=10.1.153.78 start=1645935083000 suser=No Authentication 
Required +<13>Mar 04 20:51:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=192.168.0.109 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935113000 externalId=37894 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935083000 spt=49469 src=10.1.153.78 start=1645935083000 suser=No Authentication Required +<13>Mar 04 20:51:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.243.93.28 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931512000 externalId=31701 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931512000 spt=49229 src=10.1.175.226 start=1645931512000 suser=No Authentication Required +<13>Mar 04 20:51:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=192.168.0.109 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935113000 externalId=37896 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935083000 spt=49829 src=10.1.153.78 
start=1645935083000 suser=No Authentication Required +<13>Mar 04 20:51:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=587 dst=66.4.22.55 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935114000 externalId=37898 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935084000 spt=50170 src=172.17.1.129 start=1645935084000 suser=No Authentication Required +<13>Mar 04 20:51:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=66.4.22.55 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935114000 externalId=36815 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935084000 spt=49672 src=172.17.1.129 start=1645935084000 suser=No Authentication Required +<13>Mar 04 20:51:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=45.32.28.232 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935115000 externalId=37900 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935085000 spt=55054 
src=10.1.215.47 start=1645935085000 suser=No Authentication Required +<13>Mar 04 20:51:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=50.205.244.112 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42602 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935115000 spt=123 src=10.180.10.102 start=1645935115000 suser=No Authentication Required +<13>Mar 04 20:51:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=45.32.28.232 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935115000 externalId=36817 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935085000 spt=63820 src=10.1.215.47 start=1645935085000 suser=No Authentication Required +<13>Mar 04 20:51:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=45.32.28.232 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935115000 externalId=42581 proto=6 reason=N/A requestClientApplication=Unknown 
rt=1645935085000 spt=56874 src=10.1.215.47 start=1645935085000 suser=No Authentication Required +<13>Mar 04 20:51:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=58 bytesOut=380 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=131.253.33.254 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931516000 externalId=37613 proto=6 reason=N/A request=https://a-ring.msedge.net requestClientApplication=SSL client rt=1645931516000 spt=49725 src=192.168.9.155 start=1645931516000 suser=No Authentication Required +<13>Mar 04 20:51:09 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=109.239.110.104 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935118000 externalId=37901 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935088000 spt=49345 src=172.16.138.158 start=1645935088000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=572 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=49820 dst=83.193.191.124 
dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931517000 externalId=37615 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931517000 spt=59370 src=10.1.149.64 start=1645931517000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.74.52 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935119000 externalId=42586 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=49202 src=192.168.137.56 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.74.52 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935119000 externalId=37903 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=49203 src=192.168.137.56 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
dpt=80 dst=31.13.74.52 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935119000 externalId=42587 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=49207 src=192.168.137.56 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.74.52 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935119000 externalId=36818 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=49200 src=192.168.137.56 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.74.52 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935119000 externalId=37902 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=49205 src=192.168.137.56 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.74.52 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935119000 externalId=37905 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=49208 src=192.168.137.56 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.74.52 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935119000 externalId=42585 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=49198 src=192.168.137.56 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=47804 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.20.16.113 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935119000 externalId=37906 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=51723 src=10.1.193.5 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.74.52 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935119000 externalId=36820 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=49209 src=192.168.137.56 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.20.16.113 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935119000 externalId=42589 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=51719 src=10.1.193.5 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.20.16.113 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935119000 externalId=42590 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=51720 src=10.1.193.5 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesOut=852 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=198.211.123.23 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935119000 externalId=37193 proto=6 reason=N/A request=http://www.medius.si/ requestClientApplication=Internet Explorer rt=1645934517000 spt=49269 src=10.1.158.114 start=1645934517000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.74.52 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935119000 externalId=36819 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=49204 src=192.168.137.56 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.74.52 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935119000 externalId=37904 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=49206 src=192.168.137.56 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.74.52 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935119000 externalId=42588 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=49211 src=192.168.137.56 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=31.13.74.52 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935119000 externalId=36821 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=49210 src=192.168.137.56 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.20.16.113 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935119000 externalId=36822 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935089000 spt=51722 src=10.1.193.5 start=1645935089000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.125.226.172 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935120000 externalId=36824 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935090000 spt=49236 src=10.1.217.73 start=1645935090000 suser=No Authentication Required +<13>Mar 04 20:51:10 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=144.34.193.110 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36833 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935120000 spt=123 src=10.180.10.102 start=1645935120000 suser=No Authentication Required +<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.125.226.172 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935120000 externalId=42592 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935090000 spt=49237 src=10.1.217.73 start=1645935090000 suser=No Authentication Required +<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=826 bytesOut=740 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.74.28.41 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931520000 externalId=32825 proto=6 reason=N/A request="http://b.scorecardresearch.com/b?c1=2&c2=6034623&c3=nymag.dev&c4=http://nymag.com/&c5=&c6=&c7=http%3A%2F%2Fnymag.com%2F&c8=New%20York%20Magazine&c9=&c10=320x568&c15=&rn=1545161790111" requestClientApplication=Mobile Safari rt=1645931520000 spt=53523 src=172.16.3.188 start=1645931520000 suser=No Authentication Required +<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=951 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931517000 externalId=37616 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931517000 spt=49820 src=83.193.191.124 start=1645931517000 suser=No Authentication Required +<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=678 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=93.184.220.74 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935122000 externalId=37908 proto=6 
reason=N/A requestClientApplication=Unknown rt=1645935092000 spt=49350 src=10.1.156.223 start=1645935092000 suser=No Authentication Required +<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=132 bytesOut=174 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=138.108.6.20 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931519000 externalId=34284 proto=6 reason=N/A requestClientApplication=Unknown rt=1645929205000 spt=49422 src=172.16.133.28 start=1645929205000 suser=No Authentication Required +<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=3006 bytesOut=514 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=198.232.125.23 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931521000 externalId=31717 proto=6 reason=N/A request=http://cdn.mouseflow.com/projects/62ca3e69-1c05-44a3-ac4d-a29665c7b13b.js requestClientApplication=Chrome rt=1645931521000 spt=51427 src=10.1.215.245 start=1645931521000 suser=No Authentication Required +<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:119:261|(http_inspect) HTTP chunked message body was truncated|0|act=Would Be Blocked app=HTTP cat=A Client was Using an Unusual Port cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=261 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=N/A deviceOutboundInterface=N/A dpt=51427 dst=10.1.215.245 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56266 proto=TCP requestClientApplication=Chrome rt=1645935122000 spt=80 src=198.232.125.23 start=1645931521000 suser=No Authentication Required +<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=56266 rt=1645935122000 start=1645935122000 +<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1156 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=91.103.142.194 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935124000 externalId=42597 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935094000 spt=53091 src=10.1.247.164 start=1645935094000 suser=No Authentication Required +<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.33.82.110 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935124000 externalId=42598 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935094000 spt=49442 src=172.16.133.132 start=1645935094000 suser=No Authentication Required +<13>Mar 04 20:51:11 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=366 bytesOut=101 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=gateway-carry.fe.apple-dns.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=205.251.196.100 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931523000 externalId=31721 proto=17 reason=N/A requestClientApplication=DNS rt=1645931523000 spt=62160 src=10.1.67.138 start=1645931523000 suser=No Authentication Required
+<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=365 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931520000 externalId=37622 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931520000 spt=64913 src=201.208.201.113 start=1645931520000 suser=No Authentication Required
+<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=198.232.125.23 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935126000 externalId=37625 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931521000 spt=51432 src=10.1.215.245 start=1645931521000 suser=No Authentication Required
+<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=270 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=64.142.54.12 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934081000 externalId=40912 proto=17 reason=N/A requestClientApplication=NTP client rt=1645933950000 spt=123 src=10.180.10.102 start=1645933950000 suser=No Authentication Required
+<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=1012 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=SERVER-99.NEWYORK.EXODUS.speedera.net deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=213.61.6.5 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931521000 externalId=37624 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931521000 spt=32789 src=10.1.252.53 start=1645931521000 suser=No Authentication Required
+<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=64.142.54.12 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42607 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935126000 spt=123 src=10.180.10.102 start=1645935126000 suser=No Authentication Required
+<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=35869 dst=79.169.79.198 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931527000 externalId=37638 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931527000 spt=59370 src=10.1.124.191 start=1645931527000 suser=No Authentication Required
+<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=235 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=50.56.185.232 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931526000 externalId=32829 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931526000 spt=63013 src=10.1.138.83 start=1645931526000 suser=No Authentication Required
+<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=27760 bytesOut=852 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=172.217.129.7 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931526000 externalId=32828 proto=6 reason=N/A request="http://r2---sn-vgqskned.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYzUyQUFWZDVkRW9pdEVlYnN0ajhfbS1Fdw/6217.911.0.5_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&expire=1511239153&ip=173.224.116.232&ipbits=0&mm=28&mn=sn-vgqskned&ms=nvh&mt=1511224594&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=38E1DD6344B9D46DE7E106B3F807ADC96FFC4630.5DB026207D34B5E275E6DD3B120E7AFBF6BAAD06&key=cms1" requestClientApplication=Chrome rt=1645931526000 spt=49193 src=10.1.148.2 start=1645931526000 suser=No Authentication Required
+<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=180.153.31.250 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931528000 externalId=31738 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931528000 spt=60736 src=10.1.25.97 start=1645931528000 suser=No Authentication Required
+<13>Mar 04 20:51:11 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=180.153.31.250 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931528000 externalId=32830 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931528000 spt=60732 src=10.1.25.97 start=1645931528000 suser=No Authentication Required
+<13>Mar 04 20:51:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=10027 dst=87.198.10.83 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931529000 externalId=31740 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931529000 spt=59370 src=10.1.129.74 start=1645931529000 suser=No Authentication Required
+<13>Mar 04 20:51:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931529000 externalId=32833 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931529000 spt=10027 src=87.198.10.83 start=1645931529000 suser=No Authentication Required
+<13>Mar 04 20:51:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=823 bytesOut=2693 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=66.235.138.194 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931530000 externalId=37643 proto=6 reason=N/A request="http://msnbc.112.2o7.net/b/ss/msnbcnbcnewscomprod/1/H.26.1-D56N/s1112964399158?AQB=1&ndh=1&t=9%2F8%2F2015%2010%3A31%3A54%203%20420&D=D%3D&fid=39237BC911F71575-3C52061BCF5E9B47&ns=msnbc&pageName=%20nbcnews%3Asection%3Ascience&g=http%3A%2F%2Fwww.nbcnews.com%2Fscience&r=http%3A%2F%2Fwww.nbcnews.com%2Fnews%2Fworld&cc=USD&ch=science&server=nbcnews.com&events=event35%3A1441819914918&v1=%20nbcnews%3Asection%3Ascience&v2=section&v3=nbcnews.com&v5=science&c6=http%3A%2F%2Fwww.nbcnews.com%2Fscience&c7=responsive&c8=%20nbcnews%3Asection%3Anews%3Atopic%3Aworld&c9=http%3A%2F%2Fwww.nbcnews.com%2Fnews%2Fworld&c10=responsive&v12=1%3A30PM&v13=Wednesday&v14=Weekday&v15=7&v20=%20nbcnews%3Asection%3Ascience&c23=NBCNews&v23=nbcnews&v27=%20nbcnews%3Asection%3Anews%3Atopic%3Aworld&v28=http%3A%2F%2Fwww.nbcnews.com%2Fnews%2Fworld&v33=be0440e8b34fb0982c76fe6fee3e37d3&v34=39237BC911F71575-3C52061BCF5E9B47&v35=2&v42=http%3A%2F%2Fwww.nbcnews.com%2Fscience&v63=no%20document%20id&s=807x648&c=24&j=1.6&v=Y&k=Y&bw=807&bh=557&p=Widevine%20Conte" requestClientApplication=Chrome rt=1645931530000 spt=52081 src=10.1.92.170 start=1645931530000 suser=No Authentication Required
+<13>Mar 04 20:51:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=445 bytesOut=640 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=14.200.100.10 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931531000 externalId=32836 proto=6 reason=N/A request="http://go2.microsoft.com/fwlink/?linkid=128298" requestClientApplication=BITS rt=1645931531000 spt=49234 src=172.16.181.176 start=1645931531000 suser=No Authentication Required
+<13>Mar 04 20:51:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=866 bytesOut=653 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=207.207.55.241 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931534000 externalId=37650 proto=6 reason=N/A request=http://oxp.mxptint.net/OpenX.ashx requestClientApplication=Chrome rt=1645931534000 spt=41289 src=10.1.251.50 start=1645931534000 suser=No Authentication Required
+<13>Mar 04 20:51:12 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=140 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=207.207.55.241 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931534000 externalId=31749 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931534000 spt=41441 src=10.1.251.50 start=1645931534000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=140 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.21.65.96 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931536000 externalId=31756 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931536000 spt=50713 src=172.16.133.132 start=1645931536000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=37.252.162.45 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931538000 externalId=32847 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931538000 spt=50272 src=10.1.34.116 start=1645931538000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=5596 bytesOut=644 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.192.201.229 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935139000 externalId=37209 proto=6 reason=N/A request=https://client-cf.dropbox.com requestClientApplication=SSL client rt=1645934536000 spt=50120 src=10.1.139.250 start=1645934536000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=257 bytesOut=691 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=37.252.162.45 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931538000 externalId=31758 proto=6 reason=N/A request=https://secure.adnxs.com requestClientApplication=SSL client rt=1645931538000 spt=50286 src=10.1.34.116 start=1645931538000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=10882 dst=94.212.12.208 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931542000 externalId=37660 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931542000 spt=59370 src=10.1.152.246 start=1645931542000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=66 bytesOut=1604 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.60 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931538000 externalId=32849 proto=6 reason=N/A requestClientApplication=Web browser rt=1645931538000 spt=64326 src=10.1.85.53 start=1645931538000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25512 dst=77.71.57.69 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931542000 externalId=32856 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931542000 spt=59370 src=10.1.74.27 start=1645931542000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-ns bytesOut=3252 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=137 dst=172.16.103.255 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931542000 externalId=31762 proto=17 reason=N/A requestClientApplication=NetBIOS-ns rt=1645931542000 spt=137 src=10.1.136.225 start=1645931542000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=108.61.73.243 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645933086000 externalId=40353 proto=17 reason=N/A requestClientApplication=NTP client rt=1645933086000 spt=123 src=10.180.10.102 start=1645933086000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=324 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=200.33.146.213 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931545000 externalId=32858 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931545000 spt=32789 src=10.1.230.165 start=1645931545000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=108.61.73.243 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42610 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935142000 spt=123 src=10.180.10.102 start=1645935142000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.20.10.174 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935142000 externalId=42600 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935112000 spt=59108 src=10.180.10.102 start=1645935112000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=2908 bytesOut=278 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=50.19.238.58 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931544000 externalId=37664 proto=6 reason=N/A request=https://match.adsrvr.org requestClientApplication=SSL client rt=1645931544000 spt=62778 src=10.1.48.89 start=1645931544000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2951 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=62.51.0.35 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935146000 externalId=37218 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934541000 spt=49471 src=10.1.57.144 start=1645934541000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=91.209.0.20 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931545000 externalId=37665 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931545000 spt=123 src=10.180.10.102 start=1645931545000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931546000 externalId=31766 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931546000 spt=40030 src=157.55.56.156 start=1645931546000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.20.9.174 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935147000 externalId=37914 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935117000 spt=52006 src=10.180.10.102 start=1645935117000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=130 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40030 dst=157.55.56.156 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931546000 externalId=37668 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931546000 spt=34862 src=10.1.133.233 start=1645931546000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=185.68.93.18 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931547000 externalId=32861 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931547000 spt=50198 src=192.168.1.95 start=1645931547000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=185.68.93.18 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931547000 externalId=32862 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931547000 spt=50199 src=192.168.1.95 start=1645931547000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=246 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=185.68.93.18 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931548000 externalId=31782 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931548000 spt=50211 src=192.168.1.95 start=1645931548000 suser=No Authentication Required
+<13>Mar 04 20:51:13 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=185.68.93.18 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931548000 externalId=37674 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931548000 spt=50208 src=192.168.1.95 start=1645931548000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=185.68.93.18 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931548000 externalId=32868 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931548000 spt=50284 src=192.168.1.95 start=1645931548000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=58 bytesOut=494 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=185.68.93.18 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931548000 externalId=31783 proto=6 reason=N/A request=http://185.68.93.18/dot.php requestClientApplication=Internet Explorer rt=1645931548000 spt=50376 src=192.168.1.95 start=1645931548000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=185.68.93.18 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931548000 externalId=37678 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931548000 spt=50213 src=192.168.1.95 start=1645931548000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.96.155.131 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931549000 externalId=32870 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931549000 spt=49597 src=10.1.108.155 start=1645931549000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.67.33.204 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935152000 externalId=37915 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935122000 spt=34492 src=10.180.10.102 start=1645935122000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=185.68.93.18 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931548000 externalId=37679 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931548000 spt=50214 src=192.168.1.95 start=1645931548000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=185.68.93.18 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931548000 externalId=31785 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931548000 spt=50380 src=192.168.1.95 start=1645931548000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=246 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=185.68.93.18 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931549000 externalId=32872 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931549000 spt=50384 src=192.168.1.95 start=1645931549000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=43 bytesOut=85 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=61.65.90.109 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935154000 externalId=32873 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931549000 spt=62869 src=10.1.23.69 start=1645931549000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=77 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40001 dst=157.56.52.29 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931551000 externalId=31793 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931551000 spt=34862 src=10.1.172.98 start=1645931551000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=74 bytesOut=514 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=66.171.225.80 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931550000 externalId=37681 proto=6 reason=N/A request=http://ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISA%2FCGY721owaoZm884vc4GAJc requestClientApplication=Web browser rt=1645931550000 spt=50278 src=10.1.103.69 start=1645931550000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=496 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931551000 externalId=32878 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931551000 spt=40001 src=157.56.52.29 start=1645931551000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=7892 dst=213.64.95.196 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931552000 externalId=37684 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931552000 spt=50983 src=10.1.29.191 start=1645931552000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=533 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=50983 dst=172.16.255.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931552000 externalId=31796 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931552000 spt=7892 src=213.64.95.196 start=1645931552000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8621 dst=85.65.115.25 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931551000 externalId=32880 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931551000 spt=59370 src=10.1.136.249 start=1645931551000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=85.143.220.17 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931551000 externalId=32879 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931551000 spt=49429 src=10.1.124.98 start=1645931551000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=217 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=ns.rdu.BELLSOUTH.net deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=205.152.0.5 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37928 proto=17 reason=N/A requestClientApplication=DNS client rt=1645935155000 spt=32789 src=10.1.119.87 start=1645935155000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931551000 externalId=32881 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931551000 spt=8621 src=85.65.115.25 start=1645931551000 suser=No Authentication Required
+<13>Mar 04 20:51:14 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.247.94.147 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42616 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935156000 spt=51130 src=10.1.81.29 start=1645935156000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=236 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=192.36.125.2 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931555000 externalId=37690 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931555000 spt=32789 src=192.168.100.28 start=1645931555000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=326 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=gd12.doubleclick.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=205.138.3.20 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931558000 externalId=37698 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931558000 spt=32789 src=10.1.231.77 start=1645931558000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.210.67 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37930 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935157000 spt=49160 src=10.1.235.143 start=1645935157000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=216.58.210.67 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36843 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935157000 spt=49159 src=10.1.235.143 start=1645935157000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1572 bytesOut=132 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=151.249.88.72 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931557000 externalId=31808 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931557000 spt=54506 src=10.1.131.104 start=1645931557000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent 
bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36844 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935159000 spt=46147 src=46.116.186.52 start=1645935159000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.86.76.22 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36845 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935160000 spt=59331 src=10.1.76.71 start=1645935160000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=13126 dst=109.65.22.40 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931560000 externalId=31813 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931560000 spt=59370 src=10.1.63.34 start=1645931560000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931560000 externalId=31814 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931560000 spt=13126 src=109.65.22.40 start=1645931560000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=46147 dst=46.116.186.52 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37932 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935159000 spt=59370 src=10.1.123.161 start=1645935159000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.10.145.199 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931559000 externalId=32889 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931559000 spt=49315 src=172.16.45.52 
start=1645931559000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=589 bytesOut=628 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=217.163.21.35 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931559000 externalId=37699 proto=6 reason=N/A request="http://ads.yahoo.com/cms/v1?esig=1~17e68b1b86afcfd8436104fe567484ccc2161b0f&nwid=10000602235&sigv=1" requestClientApplication=Chrome rt=1645931559000 spt=49787 src=10.1.179.56 start=1645931559000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=2784 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=58067 dst=10.1.75.249 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931561000 externalId=32892 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931561000 spt=443 src=173.194.112.169 start=1645931561000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=2407 bytesOut=1541 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
dpt=443 dst=107.178.246.49 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931560000 externalId=37701 proto=6 reason=N/A request=https://pixel.tapad.com requestClientApplication=SSL client rt=1645931560000 spt=49283 src=10.1.175.74 start=1645931560000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.119.119.84 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931561000 externalId=37704 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931561000 spt=49302 src=172.16.2.169 start=1645931561000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=32182 dst=93.139.179.108 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931565000 externalId=37718 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931565000 spt=59370 src=10.1.213.144 start=1645931565000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=327 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931565000 externalId=37719 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931565000 spt=32182 src=93.139.179.108 start=1645931565000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2945 bytesOut=4247 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=65245 dst=10.1.75.249 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931561000 externalId=37706 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931561000 spt=443 src=173.194.112.169 start=1645931561000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=195.20.11.42 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42619 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935163000 spt=49811 src=10.1.247.240 start=1645935163000 suser=No Authentication Required +<13>Mar 04 20:51:15 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=1018 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=INDIGO.ARIN.NET deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=192.41.162.32 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931570000 externalId=37725 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931570000 spt=32789 src=192.168.100.28 start=1645931570000 suser=No Authentication Required +<13>Mar 04 20:51:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.86.240.88 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37933 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935164000 spt=49157 src=10.1.240.196 start=1645935164000 suser=No Authentication Required +<13>Mar 04 20:51:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=332 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=dsl-200-67-90-136.prodigy.net.mx deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=200.33.148.201 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42621 proto=17 reason=N/A requestClientApplication=DNS client rt=1645935164000 spt=32789 src=10.1.153.233 start=1645935164000 suser=No Authentication Required +<13>Mar 04 20:51:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=DNS bytesIn=303 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=dns01.btx.dtag.de deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=129.70.132.100 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42623 proto=17 reason=N/A requestClientApplication=DNS client rt=1645935166000 spt=32789 src=192.168.100.28 start=1645935166000 suser=No Authentication Required +<13>Mar 04 20:51:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=35.190.155.102 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42626 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935167000 spt=49345 src=192.168.1.14 start=1645935167000 suser=No Authentication Required +<13>Mar 04 20:51:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=107.23.57.65 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931566000 externalId=32900 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931566000 spt=54899 src=10.1.238.61 start=1645931566000 suser=No Authentication 
Required +<13>Mar 04 20:51:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=2767 bytesOut=937 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.1.136 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931566000 externalId=31827 proto=6 reason=N/A request=https://www.googletagmanager.com requestClientApplication=SSL client rt=1645931566000 spt=50241 src=10.1.166.105 start=1645931566000 suser=No Authentication Required +<13>Mar 04 20:51:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=77 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40005 dst=64.4.23.155 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931568000 externalId=32907 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931568000 spt=34862 src=10.1.222.111 start=1645931568000 suser=No Authentication Required +<13>Mar 04 20:51:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=1527 bytesOut=446 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.119.119.69 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931567000 externalId=32905 proto=6 
reason=N/A request=https://bidder.criteo.com requestClientApplication=SSL client rt=1645931567000 spt=49225 src=172.16.1.149 start=1645931567000 suser=No Authentication Required +<13>Mar 04 20:51:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.35.180.245 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37936 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935169000 spt=49478 src=192.168.1.95 start=1645935169000 suser=No Authentication Required +<13>Mar 04 20:51:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.15 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931568000 externalId=31833 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931568000 spt=40005 src=64.4.23.155 start=1645931568000 suser=No Authentication Required +<13>Mar 04 20:51:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.35.180.245 
dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935169000 externalId=37936 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935169000 spt=49478 src=192.168.1.95 start=1645935169000 suser=No Authentication Required +<13>Mar 04 20:51:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=4886 bytesOut=1456 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.243.145.248 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931569000 externalId=31835 proto=6 reason=N/A request="http://choices.truste.com/ca?pid=comcast01&aid=comcast01&cid=7256565_834221_92198909_52014258&js=st_0" requestClientApplication=Firefox rt=1645931569000 spt=64479 src=172.16.133.54 start=1645931569000 suser=No Authentication Required +<13>Mar 04 20:51:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=67.217.64.244 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37937 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935170000 spt=50199 src=172.16.133.35 start=1645935170000 suser=No Authentication Required +<13>Mar 04 20:51:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DCE/RPC bytesIn=406 bytesOut=496 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=135 dst=172.16.128.201 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931570000 externalId=37726 proto=6 reason=N/A requestClientApplication=Epmap rt=1645931570000 spt=1732 src=172.16.133.6 start=1645931570000 suser=No Authentication Required +<13>Mar 04 20:51:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=AD File Replication Service bytesIn=39620 bytesOut=1859 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1179 dst=172.16.133.6 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931570000 externalId=32912 proto=6 reason=N/A requestClientApplication=AD File Replication Service client rt=1645931570000 spt=2992 src=172.16.128.201 start=1645931570000 suser=No Authentication Required +<13>Mar 04 20:51:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=AD File Replication Service bytesIn=837 bytesOut=2265 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1060 dst=172.16.128.201 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931570000 externalId=32915 proto=6 reason=N/A requestClientApplication=AD File Replication Service client rt=1645931570000 spt=1731 src=172.16.133.6 start=1645931570000 suser=No Authentication Required +<13>Mar 04 20:51:16 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=268 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40034 dst=213.199.179.140 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931573000 externalId=32826 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931525000 spt=34862 src=10.1.213.22 start=1645931525000 suser=No Authentication Required +<13>Mar 04 20:51:16 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=4294967295 bytesOut=496 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931573000 externalId=32827 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931525000 spt=40027 src=213.199.179.140 start=1645931525000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DCE/RPC bytesIn=330 bytesOut=1712 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1060 dst=172.16.128.201 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931570000 externalId=37727 proto=6 reason=N/A requestClientApplication=DCE/RPC client rt=1645931570000 spt=1733 
src=172.16.133.6 start=1645931570000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=176.31.102.171 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931572000 externalId=31843 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931572000 spt=123 src=10.180.10.102 start=1645931572000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=AD File Replication Service bytesIn=1714 bytesOut=2636 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1179 dst=172.16.133.6 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931570000 externalId=31840 proto=6 reason=N/A requestClientApplication=AD File Replication Service client rt=1645931570000 spt=2991 src=172.16.128.201 start=1645931570000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:133:27|DCE2_EVENT__CO_BAD_MAJ_VERSION|6|act=Would Be Blocked app=AD File Replication Service cat=Attempted Denial of Service cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=27 cs6Label=ruleId deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=2992 dst=172.16.128.201 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187718 proto=TCP requestClientApplication=AD File Replication Service client rt=1645931570000 spt=1179 src=172.16.133.6 start=1645931570000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=204.12.214.115 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931578000 externalId=32961 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931578000 spt=59370 src=10.1.36.211 start=1645931578000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=AD File Replication Service bytesIn=330 bytesOut=1712 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1060 dst=172.16.128.201 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931570000 externalId=37728 proto=6 reason=N/A requestClientApplication=AD File Replication Service client rt=1645931570000 spt=1734 src=172.16.133.6 start=1645931570000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=215 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40033 dst=213.199.179.140 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931573000 externalId=31844 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931573000 spt=34862 src=10.1.213.22 start=1645931573000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=52.26.87.58 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37941 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935173000 spt=49668 src=192.168.1.95 start=1645935173000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=484 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931573000 externalId=31726 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931525000 spt=40010 src=213.199.179.140 start=1645931525000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow 
app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=194.58.204.148 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931572000 externalId=37736 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931572000 spt=123 src=10.180.10.102 start=1645931572000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=310 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931573000 externalId=37637 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931525000 spt=40026 src=213.199.179.140 start=1645931525000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=4294967295 bytesIn=2757 bytesOut=4321 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=64056 dst=10.1.12.250 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931571000 externalId=37733 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931571000 spt=443 src=173.194.116.245 start=1645931571000 suser=No Authentication Required +<13>Mar 04 
20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=341 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40010 dst=213.199.179.140 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931573000 externalId=37738 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931573000 spt=34862 src=10.1.213.22 start=1645931573000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=1438 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931573000 externalId=37633 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931525000 spt=40033 src=213.199.179.140 start=1645931525000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=AD File Replication Service bytesIn=5150 bytesOut=2102 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1060 dst=172.16.128.201 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931571000 externalId=37729 proto=6 reason=N/A requestClientApplication=AD File 
Replication Service client rt=1645931571000 spt=1735 src=172.16.133.6 start=1645931571000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=124 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931573000 externalId=37629 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931525000 spt=40034 src=213.199.179.140 start=1645931525000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=95 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=cs766.wpc.epsiloncdn.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=192.48.79.30 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42633 proto=17 reason=N/A requestClientApplication=DNS rt=1645935175000 spt=61649 src=10.1.27.60 start=1645935175000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=iphonehacks.wpengine.netdna-cdn.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=192.48.79.30 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36859 proto=17 reason=N/A requestClientApplication=DNS rt=1645935175000 spt=62054 src=10.1.27.60 start=1645935175000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=95 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=cs766.wpc.epsiloncdn.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=192.48.79.30 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935175000 externalId=42633 proto=17 reason=N/A requestClientApplication=DNS rt=1645935175000 spt=61649 src=10.1.27.60 start=1645935175000 suser=No Authentication Required +<13>Mar 04 20:51:17 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=iphonehacks.wpengine.netdna-cdn.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=192.48.79.30 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935175000 externalId=36859 proto=17 reason=N/A requestClientApplication=DNS rt=1645935175000 spt=62054 src=10.1.27.60 start=1645935175000 suser=No Authentication Required +<13>Mar 04 20:51:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=140 bytesOut=1271 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.154.126.193 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931574000 externalId=37739 proto=6 reason=N/A request="http://ev.visualdna.com/events?b=GenericApp_v_0.1&enc=json&source=nielsen&bust=1520659765113&e=%7B%22esVDNAAppUserActionEvent%22%3A%5B%7B%22Ba4%22%3A%22tracking%22%2C%22Ba5%22%3A%22http%3A%2F%2Fwww.businessinsider.com%2Fmost-searched-consumer-tech-products-of-2017-according-to-google-2017-12%22%2C%22Ba6%22%3A%22http%3A%2F%2Fwww.businessinsider.com%2Fbest-cheap-smartphones-buying-guide-2017-12%22%2C%22Ba18%22%3A%22PAGE_VIEW%22%2C%22Ba20%22%3A%22businessinsider1426684774037%22%2C%22Ba26%22%3A%22VDNASITETRACKING%22%7D%5D%7D&xl8id=0be70a6b4b922764b714f5d4eb9fe866" requestClientApplication=Chrome rt=1645931573000 spt=60299 src=172.16.1.141 start=1645931573000 suser=No Authentication Required +<13>Mar 04 20:51:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=1224 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40016 dst=213.199.179.140 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931573000 externalId=31724 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931525000 spt=34862 src=10.1.213.22 start=1645931525000 suser=No Authentication Required +<13>Mar 04 20:51:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=2014 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931573000 externalId=37631 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931525000 spt=40016 src=213.199.179.140 start=1645931525000 suser=No Authentication Required +<13>Mar 04 20:51:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=89 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=sync.tubemogul.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=192.48.79.30 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36861 proto=17 reason=N/A requestClientApplication=DNS rt=1645935175000 spt=62397 src=10.1.27.60 start=1645935175000 suser=No Authentication Required +<13>Mar 04 20:51:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=892 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=cs766.wpc.epsiloncdn.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=61649 dst=10.1.27.60 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42634 proto=17 reason=N/A requestClientApplication=DNS client rt=1645935175000 spt=53 src=192.48.79.30 start=1645935175000 suser=No Authentication Required +<13>Mar 04 20:51:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=444 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40027 dst=213.199.179.140 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931573000 externalId=31845 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931573000 spt=34862 src=10.1.213.22 start=1645931573000 suser=No Authentication Required +<13>Mar 04 20:51:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=89 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=sync.tubemogul.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=192.48.79.30 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935175000 externalId=36861 proto=17 reason=N/A requestClientApplication=DNS rt=1645935175000 spt=62397 src=10.1.27.60 start=1645935175000 suser=No Authentication Required +<13>Mar 04 20:51:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931574000 externalId=31849 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931574000 spt=49001 src=46.147.156.127 start=1645931574000 suser=No Authentication Required +<13>Mar 04 20:51:18 
splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=525 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40026 dst=213.199.179.140 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931573000 externalId=31729 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931525000 spt=34862 src=10.1.213.22 start=1645931525000 suser=No Authentication Required +<13>Mar 04 20:51:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=893 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=iphonehacks.wpengine.netdna-cdn.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=62054 dst=10.1.27.60 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36860 proto=17 reason=N/A requestClientApplication=DNS client rt=1645935175000 spt=53 src=192.48.79.30 start=1645935175000 suser=No Authentication Required +<13>Mar 04 20:51:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=923 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=sync.tubemogul.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=62397 dst=10.1.27.60 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36862 proto=17 reason=N/A requestClientApplication=DNS 
client rt=1645935175000 spt=53 src=192.48.79.30 start=1645935175000 suser=No Authentication Required +<13>Mar 04 20:51:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=49001 dst=46.147.156.127 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931574000 externalId=37740 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931574000 spt=59370 src=10.1.245.208 start=1645931574000 suser=No Authentication Required +<13>Mar 04 20:51:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=9446 bytesOut=1017 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=213.186.33.87 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931574000 externalId=31846 proto=6 reason=N/A request=http://connexion-zen.com/counter/?00000019YBCtvdxvmvPXJSb9u4bzvNFZ97MGaK2d05891000MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbmPHI8ET5F8rR5VuhQnF2OUanzCex-e7QwUGEb__Aq3i2ZnVl21tYurmxWK2GEhHWqWWUxJYiDDMUYHYjBi4JzJ3N06m_nTosgW-rI46dnntfTSSWS1Jk27IXBqrIgND54nUIIhqla4zSen56LfW4nUnuZIZeYUvBqcyA8itxQDba3zQIjs96oxTq0TuT_2DMP-6INGblUzjFSU0rwQVj6PSl741bzfSRw4qRZwHzc6H-FJ2QIGXgG_wP0FsqTSwdg-9mGvKTQyPk4NljVWv8LE_tNLYaewk4ZOMR2oBU6jG6E6VYYYPqQGnBevBUyuexZ1fjuS_HLzQOwTC9xQSQIDAQABQ5Jjzaa6WhFlMYB7TkEI7VDmFfDhAOlT4eiTCjzaGIDWQ_HLSotJ4OSHGllci1nUFEHbDC7OhMxrg01xuMzYXoKp8sGSP78r3 requestClientApplication=Internet Explorer 
rt=1645931573000 spt=49166 src=10.1.123.107 start=1645931573000 suser=No Authentication Required +<13>Mar 04 20:51:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=1026 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=50.28.8.201 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931575000 externalId=31850 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931575000 spt=49299 src=192.168.1.96 start=1645931575000 suser=No Authentication Required +<13>Mar 04 20:51:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=208.47.254.26 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931575000 externalId=37746 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931575000 spt=56564 src=10.1.89.167 start=1645931575000 suser=No Authentication Required +<13>Mar 04 20:51:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=162.125.5.1 dvchost=CSTA-vFTD-Production 
dvcpid=1 end=1645931577000 externalId=31883 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931577000 spt=49222 src=172.16.5.203 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931578000 externalId=37774 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931578000 spt=57157 src=212.52.58.52 start=1645931578000 suser=No Authentication Required +<13>Mar 04 20:51:18 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=2644 bytesOut=497 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=162.125.5.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931577000 externalId=31882 proto=6 reason=N/A request=https://www.dropbox.com requestClientApplication=SSL client rt=1645931577000 spt=49221 src=172.16.5.203 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=87.66.13.80 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931578000 externalId=32962 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931578000 spt=62059 src=10.1.46.191 start=1645931578000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=66 bytesOut=351 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=204.232.250.57 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931579000 externalId=37777 proto=6 reason=N/A request=https://970-ygt-940.mktoresp.com requestClientApplication=SSL client rt=1645931579000 spt=50706 src=10.1.236.8 start=1645931579000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=62 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=176.32.96.6 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931577000 externalId=31888 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931577000 spt=64709 src=10.1.1.38 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy 
cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=57157 dst=212.52.58.52 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931578000 externalId=31889 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931578000 spt=59370 src=10.1.198.112 start=1645931578000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.66 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36866 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935179000 spt=49218 src=10.1.25.157 start=1645935179000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=10354 bytesOut=962 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=72.21.91.66 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935180000 externalId=37946 proto=6 reason=N/A request=https://platform.twitter.com requestClientApplication=SSL client rt=1645935179000 spt=49223 src=10.1.25.157 start=1645935179000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=72.21.91.66 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36868 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935179000 spt=49224 src=10.1.25.157 start=1645935179000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=21012 bytesOut=1250 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=72.21.91.66 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935180000 externalId=36868 proto=6 reason=N/A request=https://platform.twitter.com requestClientApplication=SSL client rt=1645935179000 spt=49224 src=10.1.25.157 start=1645935179000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=29762 bytesOut=604 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.66 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935180000 externalId=36867 proto=6 reason=N/A request=http://platform.twitter.com/widgets.js requestClientApplication=Chrome rt=1645935179000 
spt=49221 src=10.1.25.157 start=1645935179000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.66 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36867 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935179000 spt=49221 src=10.1.25.157 start=1645935179000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=120 bytesOut=228 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.66 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935180000 externalId=36866 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935179000 spt=49218 src=10.1.25.157 start=1645935179000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=72.21.91.66 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37946 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645935179000 spt=49223 src=10.1.25.157 start=1645935179000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931578000 externalId=31890 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931578000 spt=51413 src=204.12.214.115 start=1645931578000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=60580 dst=10.1.10.55 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931582000 externalId=31907 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931582000 spt=443 src=64.233.166.155 start=1645931582000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=199.127.137.225 
dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36870 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935180000 spt=123 src=10.180.10.102 start=1645935180000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=66 bytesOut=405 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=204.232.250.57 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931579000 externalId=32964 proto=6 reason=N/A request=https://970-ygt-940.mktoresp.com requestClientApplication=SSL client rt=1645931578000 spt=50697 src=10.1.236.8 start=1645931578000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=124 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.8.210.158 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37948 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935182000 spt=52227 src=10.1.174.185 start=1645935182000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=209.167.231.15 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37949 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935183000 spt=3673 src=10.1.179.192 start=1645935183000 suser=No Authentication Required +<13>Mar 04 20:51:19 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.8.210.158 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935183000 externalId=37948 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935182000 spt=52227 src=10.1.174.185 start=1645935182000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=94.31.29.64 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931583000 externalId=37795 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931583000 spt=49527 src=10.1.86.6 start=1645931583000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=57882 dst=81.158.35.72 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931587000 externalId=32997 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931587000 spt=59370 src=10.1.45.5 start=1645931587000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=1850 bytesOut=510 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=94.31.29.64 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931583000 externalId=31909 proto=6 reason=N/A request="http://static.hotjar.com/c/hotjar-56850.js?sv=5" requestClientApplication=Chrome rt=1645931583000 spt=49522 src=10.1.86.6 start=1645931583000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=134 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40010 dst=157.55.56.150 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931589000 externalId=32999 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931589000 spt=34862 src=10.1.210.252 start=1645931589000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=91.109.201.127 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37950 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935184000 spt=50041 src=192.168.1.96 start=1645935184000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=9691 bytesOut=649 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=69.172.216.55 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931583000 externalId=32990 proto=6 reason=N/A request="http://pixel.adsafeprotected.com/jload?anId=8225&campId=360x100&pubId=76451043&chanId=11968923&placementId=206555163&pubCreative=103696219083&pubOrder=445136643&cb=698100965&custom=node_feature_scl&custom2=gallery" requestClientApplication=Internet Explorer rt=1645931583000 spt=49389 src=10.1.27.23 start=1645931583000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=91.109.201.127 dvchost=CSTA-vFTD-Production dvcpid=1 
externalId=36877 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935184000 spt=50088 src=192.168.1.96 start=1645935184000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:119:261|(http_inspect) HTTP chunked message body was truncated|0|act=Would Be Blocked app=HTTP cat=A Client was Using an Unusual Port cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=261 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=N/A deviceOutboundInterface=N/A dpt=49389 dst=10.1.27.23 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187719 proto=TCP requestClientApplication=Internet Explorer rt=1645935184000 spt=80 src=69.172.216.55 start=1645931583000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=187719 rt=1645935184000 start=1645935184000 +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931589000 externalId=33000 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931589000 spt=40010 src=157.55.56.150 start=1645931589000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=45.83.234.123 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645932656000 externalId=39494 proto=17 reason=N/A requestClientApplication=NTP client rt=1645932656000 spt=123 src=10.180.10.102 start=1645932656000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=34.234.149.11 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36878 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935185000 spt=49986 src=192.168.1.95 start=1645935185000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=4616 bytesOut=314 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.84.3.78 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931584000 externalId=31915 proto=6 reason=N/A request=http://www.ediblearrangements.com/ requestClientApplication=Web browser rt=1645931584000 spt=37134 src=10.1.26.206 start=1645931584000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=45.83.234.123 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42646 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935185000 spt=123 src=10.180.10.102 start=1645935185000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:119:261|(http_inspect) HTTP chunked message body was truncated|0|act=Would Be Blocked app=HTTP cat=A Client was Using an Unusual Port cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=261 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=N/A deviceOutboundInterface=N/A dpt=37134 dst=10.1.26.206 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56267 proto=TCP requestClientApplication=Web browser rt=1645935185000 spt=80 src=184.84.3.78 start=1645931584000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=56267 rt=1645935185000 start=1645935185000 +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 
dst=78.108.119.250 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931585000 externalId=31917 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931585000 spt=61351 src=172.16.133.45 start=1645931585000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=78.108.119.250 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931585000 externalId=37803 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931585000 spt=61355 src=172.16.133.45 start=1645931585000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=71 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40017 dst=157.55.56.150 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931589000 externalId=33001 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931589000 spt=34862 src=10.1.210.252 start=1645931589000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931589000 externalId=33002 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931589000 spt=40017 src=157.55.56.150 start=1645931589000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=120 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.202.112.12 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931585000 externalId=37805 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931585000 spt=62829 src=10.1.96.105 start=1645931585000 suser=No Authentication Required +<13>Mar 04 20:51:20 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=77 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40009 dst=64.4.23.148 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931587000 externalId=37807 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931587000 spt=34862 src=10.1.47.103 start=1645931587000 suser=No Authentication Required +<13>Mar 04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=96.43.146.22 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37953 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935187000 spt=59666 src=172.16.133.12 start=1645935187000 suser=No Authentication Required +<13>Mar 04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=91.189.94.4 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42649 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935187000 spt=123 src=10.180.10.102 start=1645935187000 suser=No Authentication Required +<13>Mar 04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.247.94.147 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935186000 externalId=36842 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935156000 spt=51137 src=10.1.81.29 start=1645935156000 suser=No Authentication Required +<13>Mar 04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=68 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule 
cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931589000 externalId=33003 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931589000 spt=443 src=157.55.56.150 start=1645931589000 suser=No Authentication Required +<13>Mar 04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=91.189.94.4 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934794000 externalId=42042 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934794000 spt=123 src=10.180.10.102 start=1645934794000 suser=No Authentication Required +<13>Mar 04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=96.43.146.22 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37955 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935187000 spt=59673 src=172.16.133.12 start=1645935187000 suser=No Authentication Required +<13>Mar 04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=96.43.146.22 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42652 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935187000 spt=59671 src=172.16.133.12 start=1645935187000 suser=No Authentication Required +<13>Mar 04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.20.10.174 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935187000 externalId=42617 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935157000 spt=59114 src=10.180.10.102 start=1645935157000 suser=No Authentication Required +<13>Mar 04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=57882 dst=81.158.35.72 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931586000 externalId=31922 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931586000 spt=59370 src=10.1.55.67 start=1645931586000 suser=No Authentication Required +<13>Mar 04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931587000 externalId=31925 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931587000 spt=40009 src=64.4.23.148 start=1645931587000 suser=No Authentication Required +<13>Mar 04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=64874 dst=86.136.16.223 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931588000 externalId=31931 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931588000 spt=59370 src=10.1.92.53 start=1645931588000 suser=No Authentication Required +<13>Mar 04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=174 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40001 dst=157.55.56.150 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931589000 externalId=31933 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931589000 spt=34862 src=10.1.210.252 start=1645931589000 suser=No Authentication Required +<13>Mar 
04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=66 bytesOut=1626 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.202.112.12 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931585000 externalId=31920 proto=6 reason=N/A requestClientApplication=Web browser rt=1645931585000 spt=59124 src=10.1.96.105 start=1645931585000 suser=No Authentication Required +<13>Mar 04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=63 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931589000 externalId=31934 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931589000 spt=40001 src=157.55.56.150 start=1645931589000 suser=No Authentication Required +<13>Mar 04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.243.93.28 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37956 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935188000 spt=49229 
src=10.1.179.94 start=1645935188000 suser=No Authentication Required +<13>Mar 04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.243.93.28 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36884 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935188000 spt=49301 src=10.1.179.94 start=1645935188000 suser=No Authentication Required +<13>Mar 04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931588000 externalId=31932 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931588000 spt=64874 src=86.136.16.223 start=1645931588000 suser=No Authentication Required +<13>Mar 04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=35.169.207.73 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935188000 externalId=37931 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645935158000 spt=49417 src=10.1.181.253 start=1645935158000 suser=No Authentication Required +<13>Mar 04 20:51:21 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=60 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=157.55.56.150 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931589000 externalId=31935 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931589000 spt=34862 src=10.1.210.252 start=1645931589000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=35.169.207.73 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935188000 externalId=42618 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935158000 spt=49420 src=10.1.181.253 start=1645935158000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=107.23.96.72 dvchost=CSTA-vFTD-Production 
dvcpid=1 externalId=36887 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935189000 spt=53533 src=10.1.15.21 start=1645935189000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=58 bytesOut=408 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=31.13.77.12 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931589000 externalId=32924 proto=6 reason=N/A request=https://connect.facebook.net requestClientApplication=SSL client rt=1645931575000 spt=49214 src=172.16.155.149 start=1645931575000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=70 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40003 dst=157.55.130.143 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36891 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935191000 spt=34862 src=10.1.24.141 start=1645935191000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42657 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935191000 spt=40003 src=157.55.130.143 start=1645935191000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=2880 bytesOut=642 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=31.13.77.12 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931589000 externalId=37744 proto=6 reason=N/A request=https://connect.facebook.net requestClientApplication=SSL client rt=1645931575000 spt=49215 src=172.16.155.149 start=1645931575000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=521 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=weather.whenu.speedera.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=64.0.96.22 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931593000 externalId=37826 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931593000 spt=32789 src=192.168.100.28 start=1645931593000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=80.239.237.67 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931589000 externalId=37813 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931589000 spt=49414 src=10.1.19.244 start=1645931589000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=63 bytesOut=63 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.1.230.74 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931594000 externalId=37828 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931594000 spt=61699 src=79.130.227.98 start=1645931594000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=113 dst=192.168.100.28 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935192000 externalId=36848 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935162000 spt=32467 src=206.252.192.195 start=1645935162000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=66 bytesOut=351 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=96.43.146.22 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931591000 externalId=31940 proto=6 reason=N/A request=https://1.umps2c2.salesforce.com requestClientApplication=SSL client rt=1645931591000 spt=53176 src=172.16.133.116 start=1645931591000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=5555 dst=206.252.192.195 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935192000 externalId=36847 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935162000 spt=32805 src=10.1.252.7 start=1645935162000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36892 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935192000 spt=29388 src=202.52.237.122 start=1645935192000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=143 dst=188.128.154.183 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931591000 externalId=31941 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931591000 spt=49233 src=10.1.105.214 start=1645931591000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=195.20.11.42 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935193000 externalId=36850 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935163000 spt=49812 src=10.1.247.240 start=1645935163000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=29388 dst=202.52.237.122 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37959 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935192000 spt=59370 src=10.1.190.27 start=1645935192000 suser=No 
Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.20.9.174 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935193000 externalId=36849 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935162000 spt=52012 src=10.180.10.102 start=1645935162000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=31.13.66.5 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931592000 externalId=31942 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931592000 spt=49956 src=10.1.133.126 start=1645931592000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=182 bytesOut=249 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=61699 dst=79.130.227.98 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931594000 externalId=31943 proto=6 reason=N/A requestClientApplication=Unknown 
rt=1645931594000 spt=52948 src=10.1.230.74 start=1645931594000 suser=No Authentication Required +<13>Mar 04 20:51:22 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=630 bytesOut=340 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.76.195.16 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931593000 externalId=33017 proto=6 reason=N/A request=https://ssum-sec.casalemedia.com requestClientApplication=SSL client rt=1645931593000 spt=49194 src=10.1.7.224 start=1645931593000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=2784 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=50355 dst=10.1.170.101 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931594000 externalId=33019 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931594000 spt=443 src=173.194.112.236 start=1645931594000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=124 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 
dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931594000 externalId=31946 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931594000 spt=40011 src=157.55.56.147 start=1645931594000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=4919 bytesOut=615 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=89.234.47.168 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931596000 externalId=37837 proto=6 reason=N/A request=http://www.gocompare.com/car-insurance/cover-to-drive-other-cars/ requestClientApplication=Chrome rt=1645931596000 spt=49444 src=10.1.252.18 start=1645931596000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=217.43.50.250 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931596000 externalId=33025 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931596000 spt=59370 src=10.1.77.22 start=1645931596000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=88.221.92.185 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37963 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935197000 spt=49282 src=10.1.180.131 start=1645935197000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=58 bytesOut=716 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=89.234.47.168 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931596000 externalId=33022 proto=6 reason=N/A request=http://www.gocompare.com/v-635889531614117781/css/base.css requestClientApplication=Chrome rt=1645931596000 spt=49446 src=10.1.252.18 start=1645931596000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=88.221.92.185 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42662 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935197000 spt=49274 src=10.1.180.131 start=1645935197000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=88.221.92.185 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935198000 externalId=37963 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935197000 spt=49282 src=10.1.180.131 start=1645935197000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=68.67.178.170 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935198000 externalId=42627 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935168000 spt=50110 src=172.16.3.122 start=1645935168000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=1774 bytesOut=353 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=131.253.61.68 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931597000 externalId=37841 proto=6 reason=N/A request=https://login.live.com requestClientApplication=SSL client rt=1645931597000 spt=49796 src=192.168.9.155 start=1645931597000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow 
app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=89.234.47.168 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931596000 externalId=31955 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931596000 spt=49448 src=10.1.252.18 start=1645931596000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.106.30.104 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931597000 externalId=37842 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931597000 spt=49453 src=192.168.137.56 start=1645931597000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=308 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931596000 externalId=31956 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931596000 spt=51413 src=217.43.50.250 start=1645931596000 suser=No Authentication Required +<13>Mar 
04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.67.33.204 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935197000 externalId=36852 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935167000 spt=34498 src=10.180.10.102 start=1645935167000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.67.118.68 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42663 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935198000 spt=49338 src=10.1.193.135 start=1645935198000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=87 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.todayswirelessworld.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931595000 externalId=31953 proto=17 reason=N/A requestClientApplication=DNS rt=1645931595000 
spt=49609 src=172.16.133.45 start=1645931595000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:129:15|STREAM5_BAD_RST|6|act=Blocked app=Unknown cat=Attempted Denial of Service cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=15 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.226.207 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56268 proto=TCP requestClientApplication=Unknown rt=1645935199000 spt=50092 src=172.16.133.40 start=1645935199000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1=ceDDP cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=56268 rt=1645935199000 start=1645935199000 +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=66 bytesOut=1039 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.106.30.104 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931597000 externalId=33028 proto=6 reason=N/A request="http://distillery.wistia.com/x?data=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%3D%3D" requestClientApplication=Internet Explorer rt=1645931597000 spt=49452 src=192.168.137.56 start=1645931597000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.35.180.245 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935199000 externalId=36853 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935169000 spt=49479 src=192.168.1.95 start=1645935169000 suser=No Authentication Required +<13>Mar 04 20:51:23 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.226.207 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935199000 externalId=36903 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645935199000 spt=50092 src=172.16.133.40 start=1645935199000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.44.49 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42664 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935200000 spt=49815 src=192.168.137.85 start=1645935200000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.44.49 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37965 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935200000 spt=49816 src=192.168.137.85 start=1645935200000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=107.180.114.207 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935200000 externalId=42628 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935170000 spt=49224 src=192.168.1.96 start=1645935170000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=67.217.64.244 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935201000 externalId=42629 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935170000 spt=50202 src=172.16.133.35 start=1645935170000 suser=No Authentication 
Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=8.19.18.18 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36906 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935200000 spt=64502 src=172.16.133.54 start=1645935200000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=271 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.208.199 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935201000 externalId=37939 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935171000 spt=50926 src=10.1.200.17 start=1645935171000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=286 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=26948 dst=72.35.123.187 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931600000 externalId=37776 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931578000 
spt=59370 src=10.1.213.88 start=1645931578000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.113.173 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42666 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935201000 spt=49269 src=10.1.161.169 start=1645935201000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.220.199.8 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935202000 externalId=36855 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935172000 spt=49391 src=192.168.1.96 start=1645935172000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-ns bytesOut=92 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=137 dst=96.120.66.45 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42669 proto=17 reason=N/A 
requestClientApplication=NetBIOS-ns rt=1645935202000 spt=137 src=172.16.133.237 start=1645935202000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NetBIOS-ns bytesOut=92 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=137 dst=96.120.66.45 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935202000 externalId=42669 proto=17 reason=N/A requestClientApplication=NetBIOS-ns rt=1645935202000 spt=137 src=172.16.133.237 start=1645935202000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=3990 bytesOut=691 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.36.115.102 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931601000 externalId=37861 proto=6 reason=N/A request=https://lyr.pubmatic.com requestClientApplication=SSL client rt=1645931601000 spt=49356 src=10.1.79.86 start=1645931601000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 
dst=52.26.87.58 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935203000 externalId=36856 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935173000 spt=49669 src=192.168.1.95 start=1645935173000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51413 dst=176.31.181.189 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931601000 externalId=37862 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931601000 spt=63448 src=10.1.64.177 start=1645931601000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=10931 bytesOut=391 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.81.200 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935203000 externalId=33041 proto=6 reason=N/A request=http://az12410.vo.msecnd.net/homepage/audio/GettyImages-473301833EN-US.mp3 requestClientApplication=Edge rt=1645931598000 spt=49809 src=10.1.124.169 start=1645931598000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=2920 bytesOut=391 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.81.200 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935203000 externalId=31969 proto=6 reason=N/A request=http://az12410.vo.msecnd.net/homepage/audio/GettyImages-473301833EN-US.mp3 requestClientApplication=Edge rt=1645931598000 spt=49808 src=10.1.124.169 start=1645931598000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=2007 bytesOut=871 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.231.178.116 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931602000 externalId=37863 proto=6 reason=N/A request=https://cm.adgrx.com requestClientApplication=SSL client rt=1645931602000 spt=49444 src=10.1.54.37 start=1645931602000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=843 dst=54.208.115.123 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935204000 externalId=42630 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935174000 spt=64219 src=10.1.54.134 start=1645935174000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:119:201|(http_inspect) not 
HTTP traffic or unrecoverable HTTP protocol error|0|act=Blocked app=HTTP cat=A Client was Using an Unusual Port cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=201 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.192.82.195 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122021 proto=TCP requestClientApplication=Chrome rt=1645935204000 spt=56252 src=10.1.243.2 start=1645935204000 suser=No Authentication Required +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= Pw%P cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=122021 rt=1645935204000 start=1645935204000 +<13>Mar 04 20:51:24 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=HTTP bytesIn=122 bytesOut=1143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.192.82.195 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935204000 externalId=42671 proto=6 reason=Intrusion Block request=http://realtime.services.disqus.com/ws/2/thread/3969297007? 
requestClientApplication=Chrome rt=1645935204000 spt=56252 src=10.1.243.2 start=1645935204000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=230 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.208.115.123 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935204000 externalId=42632 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935174000 spt=64249 src=10.1.54.134 start=1645935174000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=2887 bytesOut=449 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.119.119.76 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931602000 externalId=37864 proto=6 reason=N/A request=https://csm.va.us.criteo.net requestClientApplication=SSL client rt=1645931602000 spt=49336 src=172.16.1.149 start=1645931602000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=186 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=180.153.30.250 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931603000 externalId=37866 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931603000 spt=60643 src=10.1.158.251 start=1645931603000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=472 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63448 dst=10.0.0.201 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931598000 externalId=31970 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931598000 spt=50321 src=46.44.133.44 start=1645931598000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.192.82.195 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42671 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935204000 spt=56252 src=10.1.243.2 start=1645935204000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=180.153.31.250 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37971 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935206000 spt=57701 src=10.1.160.32 start=1645935206000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931601000 externalId=33053 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931601000 spt=8621 src=76.85.203.189 start=1645931601000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=1386 bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.53.120.145 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931605000 externalId=37871 proto=6 reason=N/A request=https://omextemplates.content.office.net requestClientApplication=SSL client rt=1645931605000 spt=49768 src=192.168.9.155 start=1645931605000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8621 dst=76.85.203.189 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931601000 externalId=33052 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931601000 spt=59370 src=10.1.117.191 start=1645931601000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=192.48.105.15 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934859000 externalId=42246 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934859000 spt=123 src=10.180.10.102 start=1645934859000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=192.48.105.15 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42674 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935206000 spt=123 src=10.180.10.102 start=1645935206000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.240.166.149 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935206000 externalId=42639 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935176000 spt=63174 src=10.1.46.211 start=1645935176000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=57515 dst=89.132.101.129 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931600000 externalId=31974 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931600000 spt=59370 src=10.1.99.36 start=1645931600000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.240.166.149 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935206000 externalId=36863 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935176000 spt=63175 src=10.1.46.211 start=1645935176000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8014 dst=172.16.128.169 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935207000 externalId=37944 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935177000 spt=63349 src=172.16.133.25 start=1645935177000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=3865 bytesOut=551 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.53.120.145 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931605000 externalId=37873 proto=6 reason=N/A request=https://omextemplates.content.office.net requestClientApplication=SSL client rt=1645931605000 spt=49771 src=192.168.9.155 start=1645931605000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=5461 bytesOut=962 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.53.120.145 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931605000 externalId=37875 proto=6 reason=N/A 
request=https://omextemplates.content.office.net requestClientApplication=SSL client rt=1645931605000 spt=49777 src=192.168.9.155 start=1645931605000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=327 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931600000 externalId=31975 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931600000 spt=57515 src=89.132.101.129 start=1645931600000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=132 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=180.153.30.250 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931603000 externalId=33056 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931603000 spt=60642 src=10.1.158.251 start=1645931603000 suser=No Authentication Required +<13>Mar 04 20:51:25 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.75.106 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931607000 externalId=33063 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931607000 spt=62145 src=10.1.146.105 start=1645931607000 suser=No Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=654 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931600000 externalId=31892 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931578000 spt=26948 src=72.35.123.187 start=1645931578000 suser=No Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.206.154 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935208000 externalId=37945 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935178000 spt=61260 src=10.1.85.139 start=1645935178000 suser=No Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.206.154 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935208000 externalId=36864 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935178000 spt=61259 src=10.1.85.139 start=1645935178000 suser=No Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=144 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.googletagmanager.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=58042 dst=10.41.245.114 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37892 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931609000 spt=53 src=10.2.41.7 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=154 bytesOut=107 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=userlike-cdn-widgets.s3-eu-west-1.amazonaws.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.2.41.7 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37891 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=55000 src=10.41.245.114 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=85 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=lsbery.tk deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=61377 dst=10.41.245.114 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37896 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931609000 spt=53 src=10.2.41.7 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=345 bytesOut=271 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.15.4.18 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931608000 externalId=37886 proto=6 reason=N/A request=http://www.msftncsi.com/ncsi.txt requestClientApplication=Microsoft NCSI rt=1645931608000 spt=49158 src=172.16.104.115 start=1645931608000 suser=No Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.91.29 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42683 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935209000 spt=49605 src=192.168.22.94 start=1645935209000 suser=No 
Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=132 bytesOut=81 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=staticxx.facebook.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.2.41.7 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37895 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=50465 src=10.41.245.114 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=157 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40027 dst=111.221.77.143 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37897 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931609000 spt=34862 src=10.1.35.216 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=72 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63448 dst=10.0.0.201 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931601000 externalId=31979 proto=17 
reason=N/A requestClientApplication=Unknown rt=1645931601000 spt=51413 src=176.31.181.189 start=1645931601000 suser=No Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.53.120.145 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935210000 externalId=31986 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931605000 spt=49773 src=192.168.9.155 start=1645931605000 suser=No Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.53.120.145 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935210000 externalId=31988 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931605000 spt=49776 src=192.168.9.155 start=1645931605000 suser=No Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=174 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=66.211.160.87 dvchost=CSTA-vFTD-Production 
dvcpid=3 end=1645931608000 externalId=33065 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931608000 spt=52228 src=10.1.7.142 start=1645931608000 suser=No Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37975 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935210000 spt=40004 src=157.56.52.45 start=1645935210000 suser=No Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42688 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935210000 spt=40017 src=157.56.52.45 start=1645935210000 suser=No Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=103 bytesOut=87 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.source-werbeartikel.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.2.41.7 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=33074 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=62989 src=10.41.245.114 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=72 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40004 dst=157.56.52.45 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42689 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935210000 spt=34862 src=10.1.243.48 start=1645935210000 suser=No Authentication Required +<13>Mar 04 20:51:26 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37898 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931609000 spt=40032 src=111.221.77.143 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=131 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40025 dst=157.56.52.45 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36912 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935210000 spt=34862 src=10.1.243.48 start=1645935210000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=2863 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.112.74 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931604000 externalId=31983 proto=17 reason=N/A request=https://lh6.googleusercontent.com requestClientApplication=QUIC client rt=1645931604000 spt=55097 src=10.1.82.212 start=1645931604000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=129 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40017 dst=157.56.52.45 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36911 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935210000 spt=34862 src=10.1.243.48 start=1645935210000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37976 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935211000 spt=40025 src=157.56.52.45 start=1645935211000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=358 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37893 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931609000 spt=40034 src=111.221.77.143 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=151 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=upgrade.new.tech deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=192.168.100.28 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931605000 externalId=31989 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931605000 spt=1037 src=10.1.106.192 start=1645931605000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=129 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40017 dst=157.56.52.45 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935210000 externalId=36911 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935210000 spt=34862 src=10.1.243.48 start=1645935210000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=187 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=teredo.ipv6.microsoft.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63279 dst=10.41.245.114 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37904 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931609000 spt=53 src=10.2.41.7 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=112 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=apis.google.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53090 dst=10.41.245.114 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=33077 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931609000 spt=53 src=10.2.41.7 start=1645931609000 suser=No 
Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=128 bytesOut=80 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=connect.facebook.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.2.41.7 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=33076 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=51034 src=10.41.245.114 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=93 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=bsbkxs.zdxwx3m.pw deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=49890 dst=10.41.245.114 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37900 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931609000 spt=53 src=10.2.41.7 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935210000 
externalId=37975 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935210000 spt=40004 src=157.56.52.45 start=1645935210000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=119 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=tplandthepropforcontent.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=56313 dst=10.41.245.114 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37902 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931609000 spt=53 src=10.2.41.7 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=132 bytesOut=174 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.226.175 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931607000 externalId=31778 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931548000 spt=49180 src=10.1.0.193 start=1645931548000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=132 bytesOut=87 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=oauth.googleusercontent.com deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.2.41.7 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=33079 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=62975 src=10.41.245.114 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=131 bytesOut=84 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.lacoste-cheminee.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.2.41.7 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37905 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=58526 src=10.41.245.114 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=144 bytesOut=84 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.google-analytics.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.2.41.7 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32012 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=60461 src=10.41.245.114 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=186 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935211000 externalId=42688 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935210000 spt=40017 src=157.56.52.45 start=1645935210000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=121 bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.facebook.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.2.41.7 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32014 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=61680 src=10.41.245.114 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:27 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=2896 bytesOut=727 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.9.3 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931607000 externalId=31998 proto=6 reason=N/A request=https://ssl.gstatic.com requestClientApplication=SSL client rt=1645931607000 spt=50260 src=10.1.243.187 start=1645931607000 suser=No Authentication Required +<13>Mar 04 20:51:28 
splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=72 bytesOut=144 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=fyakliwsdmjv deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=57777 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37755 proto=17 reason=N/A requestClientApplication=DNS rt=1645931576000 spt=53 src=10.11.11.11 start=1645931576000 suser=No Authentication Required +<13>Mar 04 20:51:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=156 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=userlike-cdn-operators.s3-eu-west-1.amazonaws.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=55770 dst=10.41.245.114 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=33083 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931609000 spt=53 src=10.2.41.7 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=71 bytesOut=71 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=hckkekenivz deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=2 
end=1645931609000 externalId=37911 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=38862 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=71 bytesOut=71 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=hckkekenivz deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37909 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=33145 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=71 bytesOut=142 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=hckkekenivz deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=48608 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37761 proto=17 reason=N/A requestClientApplication=DNS rt=1645931576000 spt=53 src=10.11.11.11 start=1645931576000 suser=No Authentication Required +<13>Mar 04 20:51:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=72 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40004 dst=157.56.52.45 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935210000 externalId=42689 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935210000 spt=34862 src=10.1.243.48 start=1645935210000 suser=No Authentication Required +<13>Mar 04 20:51:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=70 bytesOut=70 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=kdtlbdfdis deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37912 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=49683 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=72 bytesOut=144 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=fyakliwsdmjv deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=52970 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37759 proto=17 reason=N/A requestClientApplication=DNS rt=1645931576000 spt=53 src=10.11.11.11 start=1645931576000 suser=No Authentication Required +<13>Mar 04 20:51:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=1999 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone 
cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=33078 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931609000 spt=40027 src=111.221.77.143 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=138 bytesOut=84 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.googleadservices.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.2.41.7 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32011 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=50871 src=10.41.245.114 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=95 bytesOut=79 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=nssdc.gsfc.nasa.gov deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.2.41.7 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=33085 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=60891 src=10.41.245.114 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=DNS bytesIn=148 bytesOut=180 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.google.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=47392 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37757 proto=17 reason=N/A requestClientApplication=DNS rt=1645931576000 spt=53 src=10.11.11.11 start=1645931576000 suser=No Authentication Required +<13>Mar 04 20:51:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=97 bytesOut=70 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=google.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37913 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=49101 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=66 bytesOut=505 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.75.106 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931607000 externalId=31996 proto=6 reason=N/A request=https://www.google.com requestClientApplication=SSL client 
rt=1645931607000 spt=62142 src=10.1.146.105 start=1645931607000 suser=No Authentication Required +<13>Mar 04 20:51:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=91 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=ssl.gstatic.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=50429 dst=10.41.245.114 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=33081 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931609000 spt=53 src=10.2.41.7 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=144 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.google-analytics.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=51125 dst=10.41.245.114 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37907 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931609000 spt=53 src=10.2.41.7 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=96 bytesOut=80 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=trs.webprospector.de deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.2.41.7 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32015 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=65364 src=10.41.245.114 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:28 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=84 bytesOut=310 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.googletagmanager.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=60760 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931609000 externalId=37766 proto=17 reason=N/A requestClientApplication=DNS rt=1645931577000 spt=53 src=10.11.11.11 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=153 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=userlike-cdn-client.s3-eu-west-1.amazonaws.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=54328 dst=10.41.245.114 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32017 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931609000 spt=53 src=10.2.41.7 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=104 bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=dns.msftncsi.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.2.41.7 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=33086 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=58417 src=10.41.245.114 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=98 bytesOut=71 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=s.ytimg.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931610000 externalId=37914 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=36440 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.27.139.76 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935211000 externalId=37947 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935181000 spt=49292 src=192.168.1.96 start=1645935181000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.8.210.158 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935212000 externalId=36874 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935182000 spt=52226 src=10.1.174.185 start=1645935182000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.8.210.158 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935212000 externalId=42642 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935182000 spt=52225 src=10.1.174.185 start=1645935182000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=187 bytesOut=85 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=teredo.ipv6.microsoft.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.2.41.7 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=33089 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=52726 src=10.41.245.114 start=1645931609000 suser=No Authentication 
Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=95 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=accounts.google.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=56741 dst=10.41.245.114 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32019 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931609000 spt=53 src=10.2.41.7 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=176 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=login.live.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=57463 dst=10.41.245.114 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=33088 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931609000 spt=53 src=10.2.41.7 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=209.167.231.15 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935213000 externalId=37949 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645935183000 spt=3673 src=10.1.179.192 start=1645935183000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=77 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40032 dst=111.221.77.143 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32020 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931609000 spt=34862 src=10.1.35.216 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=157.112.145.19 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42692 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935212000 spt=49802 src=192.168.1.96 start=1645935212000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=84 bytesOut=310 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.google-analytics.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
dpt=50922 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931610000 externalId=37772 proto=17 reason=N/A requestClientApplication=DNS rt=1645931577000 spt=53 src=10.11.11.11 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=84 bytesOut=310 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.google-analytics.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=51738 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931610000 externalId=37773 proto=17 reason=N/A requestClientApplication=DNS rt=1645931577000 spt=53 src=10.11.11.11 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=155 bytesOut=84 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.google-analytics.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931610000 externalId=37916 proto=17 reason=N/A requestClientApplication=DNS rt=1645931610000 spt=50724 src=10.11.11.94 start=1645931610000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=50023 dst=10.1.128.133 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931610000 externalId=37919 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931610000 spt=443 src=216.58.209.174 start=1645931610000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=83 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40018 dst=111.221.77.143 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32024 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931609000 spt=34862 src=10.1.35.216 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=98 bytesOut=71 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=s.ytimg.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931610000 externalId=37915 proto=17 reason=N/A requestClientApplication=DNS rt=1645931610000 spt=60067 src=10.11.11.94 start=1645931610000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=157.112.145.19 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36917 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935212000 spt=50030 src=192.168.1.96 start=1645935212000 suser=No Authentication Required +<13>Mar 04 20:51:29 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=237 bytesOut=86 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=fpdownload2.macromedia.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.2.41.7 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32021 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=54035 src=10.41.245.114 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=209.167.231.15 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935213000 externalId=36876 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935183000 spt=3674 src=10.1.179.192 start=1645935183000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=88 bytesOut=332 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=hckkekenivz.okay-boomer.info deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=60416 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=32928 proto=17 reason=N/A requestClientApplication=DNS rt=1645931576000 spt=53 src=10.11.11.11 start=1645931576000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=371 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40034 dst=111.221.77.143 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32013 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931609000 spt=34862 src=10.1.35.216 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=129 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=fonts.gstatic.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59469 dst=10.41.245.114 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32023 proto=17 reason=N/A 
requestClientApplication=DNS client rt=1645931609000 spt=53 src=10.2.41.7 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=188.125.73.93 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935214000 externalId=33092 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931609000 spt=49930 src=10.1.104.102 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=87 bytesOut=330 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=kdtlbdfdis.okay-boomer.info deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=55958 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=32930 proto=17 reason=N/A requestClientApplication=DNS rt=1645931576000 spt=53 src=10.11.11.11 start=1645931576000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=436 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 
dst=91.109.201.127 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935214000 externalId=42643 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935184000 spt=49328 src=192.168.1.96 start=1645935184000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=68.64.4.249 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931612000 externalId=37924 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931612000 spt=64553 src=172.16.133.46 start=1645931612000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=92 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=dns.msftncsi.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=61973 dst=10.41.245.114 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32028 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931609000 spt=53 src=10.2.41.7 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=118 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=static.xx.fbcdn.net 
deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=64751 dst=10.41.245.114 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32026 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931609000 spt=53 src=10.2.41.7 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=436 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=91.109.201.127 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935214000 externalId=42644 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935184000 spt=49669 src=192.168.1.96 start=1645935184000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=81 bytesOut=194 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.narrowbanding.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=56692 dst=172.16.133.45 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931618000 externalId=37834 proto=17 reason=N/A requestClientApplication=DNS rt=1645931595000 spt=53 src=172.16.128.202 start=1645931595000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=70 bytesOut=70 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=kdtlbdfdis deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=33091 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=43679 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=148 bytesOut=72 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=api.bing.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.2.41.7 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32031 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=54989 src=10.41.245.114 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.57 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36923 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935215000 spt=3642 src=10.1.91.82 start=1645935215000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=95 bytesOut=79 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.sv-erzhausen.de deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.2.41.7 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32034 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=64334 src=10.41.245.114 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=111 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.bing.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=50383 dst=10.41.245.114 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32030 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931609000 spt=53 src=10.2.41.7 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=34.234.149.11 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935215000 externalId=36879 proto=6 reason=N/A requestClientApplication=Unknown 
rt=1645935185000 spt=49987 src=192.168.1.95 start=1645935185000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=132 bytesOut=80 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=fonts.googleapis.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.2.41.7 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32035 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=49682 src=10.41.245.114 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:30 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.209.174 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935215000 externalId=33099 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931610000 spt=50096 src=10.1.128.133 start=1645931610000 suser=No Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=119 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=tplandthepropforcontent.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=56397 
dst=10.41.245.114 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32033 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931609000 spt=53 src=10.2.41.7 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=75 bytesOut=182 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.gstatic.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=38411 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=31853 proto=17 reason=N/A requestClientApplication=DNS rt=1645931576000 spt=53 src=10.11.11.11 start=1645931576000 suser=No Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=71 bytesOut=142 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=hckkekenivz deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34540 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=32933 proto=17 reason=N/A requestClientApplication=DNS rt=1645931576000 spt=53 src=10.11.11.11 start=1645931576000 suser=No Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=185.167.166.41 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935216000 externalId=36880 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935185000 spt=49703 src=192.168.1.95 start=1645935185000 suser=No Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=185.167.166.41 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935216000 externalId=36881 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935186000 spt=49704 src=192.168.1.95 start=1645935186000 suser=No Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=71 bytesOut=142 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=hckkekenivz deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=44071 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=32935 proto=17 reason=N/A requestClientApplication=DNS rt=1645931576000 spt=53 src=10.11.11.11 start=1645931576000 suser=No Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone 
cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=68.64.4.249 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935216000 externalId=33107 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931612000 spt=64560 src=172.16.133.46 start=1645931612000 suser=No Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=72 bytesOut=144 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=fyakliwsdmjv deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=35637 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=32937 proto=17 reason=N/A requestClientApplication=DNS rt=1645931576000 spt=53 src=10.11.11.11 start=1645931576000 suser=No Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=70 bytesOut=194 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=google.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=43280 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=32942 proto=17 reason=N/A requestClientApplication=DNS rt=1645931577000 spt=53 src=10.11.11.11 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS 
bytesIn=75 bytesOut=720 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.youtube.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=49618 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=32943 proto=17 reason=N/A requestClientApplication=DNS rt=1645931577000 spt=53 src=10.11.11.11 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=37.252.162.84 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935216000 externalId=42647 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935186000 spt=49293 src=10.1.59.103 start=1645935186000 suser=No Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=96.43.146.22 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935217000 externalId=36882 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935187000 spt=59672 src=172.16.133.12 start=1645935187000 suser=No Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=37.252.162.84 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935216000 externalId=42648 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935186000 spt=49297 src=10.1.59.103 start=1645935186000 suser=No Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=96.43.146.22 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935217000 externalId=42652 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935187000 spt=59671 src=172.16.133.12 start=1645935187000 suser=No Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=96.43.146.22 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935217000 externalId=37954 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935187000 spt=59669 src=172.16.133.12 start=1645935187000 suser=No Authentication Required +<13>Mar 
04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=96.43.146.22 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935217000 externalId=42651 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935187000 spt=59670 src=172.16.133.12 start=1645935187000 suser=No Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=96.43.146.22 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935217000 externalId=42650 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935187000 spt=59667 src=172.16.133.12 start=1645935187000 suser=No Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=96.43.146.22 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935217000 externalId=37953 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935187000 spt=59666 src=172.16.133.12 start=1645935187000 suser=No 
Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=96.43.146.22 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935217000 externalId=37955 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935187000 spt=59673 src=172.16.133.12 start=1645935187000 suser=No Authentication Required +<13>Mar 04 20:51:31 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=68.64.4.249 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935217000 externalId=32056 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931612000 spt=64567 src=172.16.133.46 start=1645931612000 suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=84 bytesOut=390 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.chromebooktrivia.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=33266 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=32944 proto=17 reason=N/A 
requestClientApplication=DNS rt=1645931577000 spt=53 src=10.11.11.11 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=360 bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.youtube.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=33093 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=48027 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=86 bytesOut=70 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=google.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=33094 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=33576 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 
dst=54.243.93.28 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935218000 externalId=36885 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935188000 spt=49302 src=10.1.179.94 start=1645935188000 suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.243.93.28 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935218000 externalId=42653 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935188000 spt=49228 src=10.1.179.94 start=1645935188000 suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.37.223.179 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42699 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935218000 spt=32880 src=172.16.1.141 start=1645935218000 suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=77.66.54.155 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935217000 externalId=32057 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931612000 spt=49466 src=10.1.2.144 start=1645931612000 suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=155 bytesOut=84 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.googletagmanager.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931609000 externalId=33095 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=41824 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2454 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=107.23.96.72 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935219000 externalId=36886 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935189000 spt=53520 src=10.1.15.21 start=1645935189000 suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.72.225.91 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935219000 externalId=33116 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931615000 spt=49506 src=10.1.74.92 start=1645931615000 suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=167 bytesOut=89 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=fyakliwsdmjv.okay-boomer.info deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32038 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=36963 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=237 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=76.201.73.212 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931619000 externalId=37944 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931619000 spt=52395 src=192.168.22.94 start=1645931619000 suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=72 bytesOut=144 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=fyakliwsdmjv deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=46772 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=31858 proto=17 reason=N/A requestClientApplication=DNS rt=1645931576000 spt=53 src=10.11.11.11 start=1645931576000 suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=74 bytesOut=180 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.google.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=48087 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=31866 proto=17 reason=N/A requestClientApplication=DNS rt=1645931576000 spt=53 src=10.11.11.11 start=1645931576000 suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=70 bytesOut=70 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=kdtlbdfdis deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32040 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=45937 src=10.11.11.94 start=1645931609000 
suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=70 bytesOut=140 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=kdtlbdfdis deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=55113 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=31860 proto=17 reason=N/A requestClientApplication=DNS rt=1645931576000 spt=53 src=10.11.11.11 start=1645931576000 suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=323 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=DILL.ARIN.NET deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=198.133.199.110 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36925 proto=17 reason=N/A requestClientApplication=DNS client rt=1645935220000 spt=32789 src=10.1.183.14 start=1645935220000 suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=72 bytesOut=144 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=fyakliwsdmjv deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=33844 dst=10.11.11.94 dvchost=CSTA-vFTD-Production 
dvcpid=1 end=1645931609000 externalId=31863 proto=17 reason=N/A requestClientApplication=DNS rt=1645931576000 spt=53 src=10.11.11.11 start=1645931576000 suser=No Authentication Required +<13>Mar 04 20:51:32 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=126 bytesOut=80 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=beacons.gcp.gvt2.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32042 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=51376 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=97 bytesOut=70 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=google.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32044 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=40848 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=96 bytesOut=80 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=chromebooktrivia.com 
deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32041 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=41856 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=75 bytesOut=698 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.youtube.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=39238 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=31877 proto=17 reason=N/A requestClientApplication=DNS rt=1645931577000 spt=53 src=10.11.11.11 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=360 bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.youtube.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32045 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=53505 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=195 bytesOut=84 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.chromebooktrivia.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32043 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=58775 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=162.244.35.33 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935220000 externalId=37958 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935190000 spt=49177 src=172.16.103.77 start=1645935190000 suser=No Authentication Required +<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=70 bytesOut=70 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=kdtlbdfdis deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32039 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=46228 src=10.11.11.94 start=1645931609000 suser=No Authentication Required 
+<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=70 bytesOut=172 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=google.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=39033 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=31876 proto=17 reason=N/A requestClientApplication=DNS rt=1645931577000 spt=53 src=10.11.11.11 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=84 bytesOut=288 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.googletagmanager.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53567 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931610000 externalId=32950 proto=17 reason=N/A requestClientApplication=DNS rt=1645931577000 spt=53 src=10.11.11.11 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=144 bytesOut=84 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.googletagmanager.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production 
dvcpid=3 end=1645931610000 externalId=33097 proto=17 reason=N/A requestClientApplication=DNS rt=1645931610000 spt=58318 src=10.11.11.94 start=1645931610000 suser=No Authentication Required +<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=98 bytesOut=71 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=s.ytimg.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931610000 externalId=33096 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=35867 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=195 bytesOut=84 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.chromebooktrivia.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32046 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=42893 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=71 bytesOut=174 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=s.ytimg.com 
deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=58110 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931610000 externalId=32954 proto=17 reason=N/A requestClientApplication=DNS rt=1645931577000 spt=53 src=10.11.11.11 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=84 bytesOut=368 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.chromebooktrivia.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=41294 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=31878 proto=17 reason=N/A requestClientApplication=DNS rt=1645931577000 spt=53 src=10.11.11.11 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=155 bytesOut=84 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.google-analytics.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931610000 externalId=33098 proto=17 reason=N/A requestClientApplication=DNS rt=1645931610000 spt=59216 src=10.11.11.94 start=1645931610000 suser=No Authentication Required +<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=155 bytesOut=84 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.googletagmanager.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931610000 externalId=32048 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=35124 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.85.84.236 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931620000 externalId=37949 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931620000 spt=65412 src=10.1.199.62 start=1645931620000 suser=No Authentication Required +<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.219.120.244 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42704 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935221000 spt=64781 src=10.1.64.110 start=1645935221000 suser=No Authentication Required +<13>Mar 04 20:51:33 
splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.219.120.244 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37989 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935221000 spt=64764 src=10.1.64.110 start=1645935221000 suser=No Authentication Required +<13>Mar 04 20:51:33 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=349 bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.youtube.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931609000 externalId=32047 proto=17 reason=N/A requestClientApplication=DNS rt=1645931609000 spt=38121 src=10.11.11.94 start=1645931609000 suser=No Authentication Required +<13>Mar 04 20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.219.120.244 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42705 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935221000 spt=64787 
src=10.1.64.110 start=1645935221000 suser=No Authentication Required +<13>Mar 04 20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=668 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63448 dst=10.0.0.201 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931610000 externalId=32911 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931569000 spt=28096 src=185.45.195.192 start=1645931569000 suser=No Authentication Required +<13>Mar 04 20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=152 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=tools.google.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931610000 externalId=32957 proto=17 reason=N/A requestClientApplication=DNS rt=1645931577000 spt=43625 src=10.11.11.94 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.219.120.244 dvchost=CSTA-vFTD-Production dvcpid=1 
externalId=36926 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935221000 spt=64769 src=10.1.64.110 start=1645935221000 suser=No Authentication Required +<13>Mar 04 20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=84 bytesOut=288 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=www.google-analytics.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=38281 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931610000 externalId=32956 proto=17 reason=N/A requestClientApplication=DNS rt=1645931577000 spt=53 src=10.11.11.11 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=286 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=24755 dst=83.26.70.113 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931611000 externalId=32837 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931532000 spt=59370 src=10.1.166.49 start=1645931532000 suser=No Authentication Required +<13>Mar 04 20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesIn=3711 bytesOut=387 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.0.227 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931621000 externalId=37950 proto=6 reason=N/A requestClientApplication=SSL client rt=1645931621000 spt=49159 src=10.1.174.58 start=1645931621000 suser=No Authentication Required +<13>Mar 04 20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=14676 dst=61.35.83.32 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935223000 externalId=36893 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935193000 spt=52942 src=10.1.76.77 start=1645935193000 suser=No Authentication Required +<13>Mar 04 20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=86 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=img.timeinc.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=205.251.194.129 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931615000 externalId=33117 proto=17 reason=N/A requestClientApplication=DNS rt=1645931615000 spt=62514 src=10.1.134.1 start=1645931615000 suser=No Authentication Required +<13>Mar 04 20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=94.23.37.34 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931612000 externalId=33109 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931612000 spt=123 src=10.180.10.102 start=1645931612000 suser=No Authentication Required +<13>Mar 04 20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=71 bytesOut=196 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=s.ytimg.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=37794 dst=10.11.11.94 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931610000 externalId=31884 proto=17 reason=N/A requestClientApplication=DNS rt=1645931577000 spt=53 src=10.11.11.11 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=49001 dst=176.73.127.101 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931621000 externalId=37951 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931621000 spt=59370 src=10.1.141.70 start=1645931621000 suser=No Authentication Required +<13>Mar 04 20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=35164 bytesOut=1963 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.125.226.33 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931622000 externalId=37655 proto=6 reason=N/A request=http://s.ytimg.com/yts/img/icons/close-vflrEJzIW.png requestClientApplication=Chrome rt=1645931538000 spt=62647 src=172.16.133.20 start=1645931538000 suser=No Authentication Required +<13>Mar 04 20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=516 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=ns3.apnic.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=192.33.14.30 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931636000 externalId=37956 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931636000 spt=32789 src=192.168.100.28 start=1645931636000 suser=No Authentication Required +<13>Mar 04 20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=77.85.205.151 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931637000 externalId=37957 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931637000 spt=123 src=10.180.10.102 start=1645931637000 suser=No Authentication Required +<13>Mar 04 
20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=152 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=tools.google.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931610000 externalId=31885 proto=17 reason=N/A requestClientApplication=DNS rt=1645931577000 spt=40242 src=10.11.11.94 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=88 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=fonts.timeinc.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=205.251.194.129 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931615000 externalId=33118 proto=17 reason=N/A requestClientApplication=DNS rt=1645931615000 spt=62694 src=10.1.134.1 start=1645931615000 suser=No Authentication Required +<13>Mar 04 20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=152 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=tools.google.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=10.11.11.11 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931610000 
externalId=31886 proto=17 reason=N/A requestClientApplication=DNS rt=1645931577000 spt=34324 src=10.11.11.94 start=1645931577000 suser=No Authentication Required +<13>Mar 04 20:51:34 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52634 dst=207.47.250.146 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931616000 externalId=32063 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931616000 spt=50983 src=10.1.183.194 start=1645931616000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=22 dst=10.2.7.30 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42707 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935223000 spt=42447 src=10.1.207.217 start=1645935223000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=SSH bytesIn=253 bytesOut=260 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=22 dst=10.2.7.30 
dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935223000 externalId=42707 proto=6 reason=N/A requestClientApplication=SSH client rt=1645935223000 spt=42447 src=10.1.207.217 start=1645935223000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=1068 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=mail.google.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=64475 dst=10.0.1.243 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931649000 externalId=37974 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931649000 spt=53 src=10.0.1.4 start=1645931649000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=10.2.7.30 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36928 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935223000 spt=37930 src=10.1.207.217 start=1645935223000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=634 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931611000 externalId=31743 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931532000 spt=24755 src=83.26.70.113 start=1645931532000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=498 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=50983 dst=172.16.255.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931616000 externalId=32064 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931616000 spt=52634 src=207.47.250.146 start=1645931616000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=308 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931617000 externalId=32067 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931617000 spt=23727 src=111.99.42.37 start=1645931617000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=23727 dst=111.99.42.37 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931617000 externalId=33120 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931617000 spt=59370 src=10.1.215.223 start=1645931617000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=54789 dst=185.21.217.56 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931618000 externalId=33121 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931618000 spt=63448 src=10.1.42.253 start=1645931618000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=71 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=twitter.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931618000 externalId=32069 proto=17 reason=N/A requestClientApplication=DNS rt=1645931618000 spt=59584 src=172.16.133.45 start=1645931618000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=72 bytesOut=176 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy 
cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=facebook.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=50213 dst=172.16.133.45 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931618000 externalId=31952 proto=17 reason=N/A requestClientApplication=DNS rt=1645931595000 spt=53 src=172.16.128.202 start=1645931595000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=551 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=clients6.google.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=50656 dst=10.0.1.243 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931649000 externalId=33147 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931649000 spt=53 src=10.0.1.4 start=1645931649000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=50.19.238.1 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931621000 externalId=32083 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931621000 spt=49160 src=172.16.1.204 start=1645931621000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=72 bytesOut=88 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=linkedin.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=56237 dst=172.16.133.45 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931618000 externalId=33021 proto=17 reason=N/A requestClientApplication=DNS rt=1645931595000 spt=53 src=172.16.128.202 start=1645931595000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.125.226.33 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931621000 externalId=33129 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931621000 spt=62648 src=172.16.133.20 start=1645931621000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=170.187.158.81 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931637000 externalId=33134 proto=17 reason=N/A requestClientApplication=NTP client 
rt=1645931637000 spt=123 src=10.180.10.102 start=1645931637000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.23.102.174 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42711 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935225000 spt=55379 src=10.1.232.131 start=1645935225000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.85.84.236 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935225000 externalId=32081 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931620000 spt=65413 src=10.1.199.62 start=1645931620000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=7195 bytesOut=523 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.125.226.33 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931621000 externalId=33130 
proto=6 reason=N/A request=http://s.ytimg.com/yts/jsbin/www-watch-core-vflwXV3bc.js requestClientApplication=Chrome rt=1645931621000 spt=62649 src=172.16.133.20 start=1645931621000 suser=No Authentication Required +<13>Mar 04 20:51:35 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.23.102.174 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37993 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935225000 spt=55382 src=10.1.232.131 start=1645935225000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.230.92.33 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935226000 externalId=37962 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935196000 spt=53607 src=10.1.132.248 start=1645935196000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
dpt=443 dst=54.230.92.33 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935226000 externalId=37961 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935196000 spt=53606 src=10.1.132.248 start=1645935196000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.230.92.33 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935226000 externalId=42661 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935196000 spt=53608 src=10.1.132.248 start=1645935196000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42717 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49269 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38001 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49559 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=74 bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=151.101.1.2 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=37999 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49756 src=172.16.3.122 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36933 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49174 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36938 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49327 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36936 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49324 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36937 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49326 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42719 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49719 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36935 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49270 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=166 bytesOut=261 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935227000 externalId=36938 proto=6 reason=N/A requestClientApplication=SSL client rt=1645935227000 spt=49327 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36939 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49558 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36940 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49560 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=166 bytesOut=269 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935227000 externalId=36939 proto=6 reason=N/A requestClientApplication=SSL client rt=1645935227000 spt=49558 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935227000 externalId=36937 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49326 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.28.30 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38003 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935228000 spt=49741 src=192.168.9.155 start=1645935228000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2905 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.67.118.68 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935228000 externalId=36901 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935198000 spt=49339 src=10.1.193.135 start=1645935198000 suser=No Authentication Required +<13>Mar 04 20:51:36 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935227000 externalId=42717 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49269 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38004 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935228000 spt=40025 src=157.55.130.157 start=1645935228000 suser=No Authentication Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42721 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935228000 spt=40024 src=157.55.130.157 start=1645935228000 suser=No Authentication Required +<13>Mar 04 
20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36944 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935229000 spt=40018 src=157.55.130.157 start=1645935229000 suser=No Authentication Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=134 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40025 dst=157.55.130.157 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42720 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935228000 spt=34862 src=10.1.226.243 start=1645935228000 suser=No Authentication Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40031 dst=157.55.130.157 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38005 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935228000 spt=34862 src=10.1.226.243 start=1645935228000 suser=No Authentication 
Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36943 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935228000 spt=40031 src=157.55.130.157 start=1645935228000 suser=No Authentication Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=71 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40011 dst=157.55.130.157 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42722 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935228000 spt=34862 src=10.1.226.243 start=1645935228000 suser=No Authentication Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38007 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935229000 spt=40010 src=157.55.130.157 start=1645935229000 suser=No 
Authentication Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.226.207 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935229000 externalId=36904 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935199000 spt=50182 src=172.16.133.40 start=1645935199000 suser=No Authentication Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=44892 dst=86.123.243.123 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42725 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935229000 spt=59370 src=10.1.171.82 start=1645935229000 suser=No Authentication Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=132 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40024 dst=157.55.130.157 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36942 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935228000 spt=34862 
src=10.1.226.243 start=1645935228000 suser=No Authentication Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=72 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40010 dst=157.55.130.157 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42723 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935229000 spt=34862 src=10.1.226.243 start=1645935229000 suser=No Authentication Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38006 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935228000 spt=40011 src=157.55.130.157 start=1645935228000 suser=No Authentication Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40018 dst=157.55.130.157 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38008 proto=17 reason=N/A requestClientApplication=Unknown 
rt=1645935229000 spt=34862 src=10.1.226.243 start=1645935229000 suser=No Authentication Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40017 dst=157.55.130.157 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42724 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935229000 spt=34862 src=10.1.226.243 start=1645935229000 suser=No Authentication Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38009 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935229000 spt=40017 src=157.55.130.157 start=1645935229000 suser=No Authentication Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42726 proto=17 reason=N/A 
requestClientApplication=BitTorrent rt=1645935229000 spt=44892 src=86.123.243.123 start=1645935229000 suser=No Authentication Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.44.49 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935230000 externalId=37965 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935200000 spt=49816 src=192.168.137.85 start=1645935200000 suser=No Authentication Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.220.254 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38011 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935230000 spt=58230 src=10.1.249.161 start=1645935230000 suser=No Authentication Required +<13>Mar 04 20:51:37 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.220.254 dvchost=CSTA-vFTD-Production 
dvcpid=1 externalId=36945 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935230000 spt=58221 src=10.1.249.161 start=1645935230000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.220.254 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36946 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935230000 spt=58234 src=10.1.249.161 start=1645935230000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=8.19.18.18 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935231000 externalId=37966 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935200000 spt=64501 src=172.16.133.54 start=1645935200000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=91 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=_ldap._tcp.dc._msdcs.mshome.net deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=192.168.137.1 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38016 proto=17 reason=N/A requestClientApplication=DNS rt=1645935231000 spt=64381 src=192.168.137.113 start=1645935231000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=HTTP bytesIn=58 bytesOut=475 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=88.221.134.170 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935232000 externalId=38017 proto=6 reason=Intrusion Block request=http://w.sharethis.com/button/buttons.js requestClientApplication=Internet Explorer rt=1645935232000 spt=49372 src=172.16.165.132 start=1645935232000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=88.221.134.170 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38017 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935232000 spt=49372 src=172.16.165.132 start=1645935232000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=530 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934433000 externalId=35931 proto=17 reason=N/A requestClientApplication=Unknown rt=1645934433000 spt=40030 src=111.221.77.168 start=1645934433000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36948 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935232000 spt=40016 src=111.221.77.168 start=1645935232000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40016 dst=111.221.77.168 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42728 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935232000 spt=34862 src=10.1.49.202 start=1645935232000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=74 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule 
cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40030 dst=111.221.77.168 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38018 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935232000 spt=34862 src=10.1.49.202 start=1645935232000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=530 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36947 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935232000 spt=40030 src=111.221.77.168 start=1645935232000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:41379|SERVER-OTHER Squid HTTP Vary response header denial of service attempt|6|act=Blocked app=HTTP cat=Detection of a Network Scan cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=41379 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=49372 dst=172.16.165.132 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187720 proto=TCP requestClientApplication=Internet Explorer rt=1645935232000 spt=80 src=88.221.134.170 start=1645935232000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=151.101.193.140 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935233000 externalId=37969 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935202000 spt=46970 src=10.180.10.102 start=1645935202000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36949 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935233000 spt=13797 src=108.240.124.33 start=1645935233000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645934073000 externalId=35357 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645934073000 spt=13797 src=108.240.124.33 start=1645934073000 suser=No 
Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=13797 dst=108.240.124.33 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38019 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935233000 spt=59370 src=10.1.177.69 start=1645935233000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.219.33 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38020 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935234000 spt=49222 src=10.1.205.40 start=1645935234000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.219.33 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36951 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935234000 spt=49224 
src=10.1.205.40 start=1645935234000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.1.170 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38022 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935235000 spt=49231 src=10.1.94.19 start=1645935235000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.116.130 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935235000 externalId=42672 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935205000 spt=49414 src=10.1.189.135 start=1645935205000 suser=No Authentication Required +<13>Mar 04 20:51:38 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=180.153.31.250 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935236000 externalId=37970 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645935206000 spt=57700 src=10.1.160.32 start=1645935206000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36953 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935236000 spt=24755 src=83.26.70.113 start=1645935236000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=180.153.31.250 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935236000 externalId=36908 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935206000 spt=57702 src=10.1.160.32 start=1645935206000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=91.103.140.2 dvchost=CSTA-vFTD-Production dvcpid=2 
externalId=42731 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935236000 spt=2545 src=10.1.194.13 start=1645935236000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=24755 dst=83.26.70.113 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42730 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935236000 spt=59370 src=10.1.239.113 start=1645935236000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.4.81.145 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935237000 externalId=42676 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935207000 spt=62406 src=10.1.147.202 start=1645935207000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.4.81.145 dvchost=CSTA-vFTD-Production 
dvcpid=3 end=1645935237000 externalId=37972 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935207000 spt=62405 src=10.1.147.202 start=1645935207000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.4.81.145 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935237000 externalId=36909 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935207000 spt=62409 src=10.1.147.202 start=1645935207000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.4.81.145 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935237000 externalId=42678 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935207000 spt=62408 src=10.1.147.202 start=1645935207000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.4.81.145 
dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935237000 externalId=42679 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935207000 spt=62410 src=10.1.147.202 start=1645935207000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.4.81.145 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935237000 externalId=42677 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935207000 spt=62407 src=10.1.147.202 start=1645935207000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.192.201.225 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38023 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935237000 spt=52322 src=10.1.169.58 start=1645935237000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=8443 dst=66.235.136.89 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36955 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935237000 spt=57250 src=192.168.3.131 start=1645935237000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.59.228.136 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935238000 externalId=37973 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935208000 spt=60383 src=172.16.133.48 start=1645935208000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=151.101.129.140 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935238000 externalId=42680 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935207000 spt=57462 src=10.180.10.102 start=1645935207000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:129:15|STREAM5_BAD_RST|6|act=Blocked app=Unknown cat=Attempted Denial of Service cn1Label=vlan cn2=5 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy 
cs5Label=ipsPolicy cs6=15 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=52.84.243.157 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56269 proto=TCP requestClientApplication=Unknown rt=1645935238000 spt=49401 src=172.16.45.52 start=1645935238000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:16282|PUA-P2P Bittorrent uTP peer request|8|act=Blocked app=BitTorrent cat=Misc Activity cn1Label=vlan cn2=4 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=16282 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=50101 dst=87.92.98.148 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=122022 proto=UDP requestClientApplication=BitTorrent rt=1645935239000 spt=63448 src=10.1.33.214 start=1645935239000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1=g?P cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=56269 rt=1645935238000 start=1645935238000 +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|PKT:2:1|Packet Data|7|cs1= pd1:ad2:id20:oyHLlJwj9:info_hash20:nnYw8F}e1:q9:get_peers1:t2:A 1:v4:LT 1:y1:qe cs1Label=payload deviceExternalId=1 dvchost=CSTA-vFTD-Production externalId=122022 rt=1645935239000 start=1645935239000 +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=BitTorrent bytesOut=146 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=50101 dst=87.92.98.148 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935239000 externalId=42735 proto=17 reason=Intrusion Block requestClientApplication=BitTorrent rt=1645935239000 spt=63448 src=10.1.33.214 start=1645935239000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=Unknown bytesIn=10141 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=52.84.243.157 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935238000 externalId=36956 proto=6 reason=Intrusion Block requestClientApplication=Unknown rt=1645935238000 spt=49401 src=172.16.45.52 start=1645935238000 suser=No Authentication Required +<13>Mar 04 20:51:39 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=146 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=50101 dst=87.92.98.148 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42735 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935239000 spt=63448 src=10.1.33.214 start=1645935239000 suser=No Authentication Required +<13>Mar 04 20:51:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=136.243.134.170 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935240000 externalId=36910 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935210000 spt=49430 src=192.168.1.96 start=1645935210000 suser=No Authentication Required +<13>Mar 04 20:51:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=136.243.134.170 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935240000 externalId=42684 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935210000 spt=49420 src=192.168.1.96 start=1645935210000 suser=No Authentication Required +<13>Mar 04 20:51:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=85 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38025 proto=17 reason=N/A requestClientApplication=DNS rt=1645935240000 spt=65128 src=172.16.133.118 start=1645935240000 suser=No Authentication Required +<13>Mar 04 20:51:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.2 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36959 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935240000 spt=64276 src=10.1.163.139 start=1645935240000 suser=No Authentication Required +<13>Mar 04 20:51:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=37.252.162.191 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38026 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935241000 spt=50571 src=10.1.200.74 start=1645935241000 suser=No Authentication Required +<13>Mar 04 20:51:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=37.252.162.191 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42740 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935241000 spt=50568 src=10.1.200.74 start=1645935241000 suser=No Authentication Required +<13>Mar 04 20:51:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=108.178.15.187 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42741 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935242000 spt=49201 src=192.168.137.81 start=1645935242000 suser=No Authentication Required +<13>Mar 04 20:51:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=38.229.62.9 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645932030000 externalId=38067 proto=17 reason=N/A requestClientApplication=NTP client rt=1645932030000 spt=123 src=10.180.10.102 start=1645932030000 suser=No Authentication Required +<13>Mar 04 20:51:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1382 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=192.229.210.158 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935242000 externalId=37978 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935212000 spt=49740 src=10.1.82.178 start=1645935212000 suser=No Authentication Required +<13>Mar 04 20:51:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=38.229.62.9 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42742 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935242000 spt=123 src=10.180.10.102 start=1645935242000 suser=No Authentication Required +<13>Mar 04 20:51:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=108.178.15.187 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36961 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935242000 spt=49211 src=192.168.137.81 start=1645935242000 suser=No Authentication Required +<13>Mar 04 20:51:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=192.229.210.158 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935242000 externalId=36914 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935212000 spt=49739 src=10.1.82.178 start=1645935212000 suser=No Authentication Required +<13>Mar 04 20:51:40 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=157.112.145.19 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935242000 externalId=37980 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935212000 spt=49296 src=192.168.1.96 start=1645935212000 suser=No Authentication Required +<13>Mar 04 20:51:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=91.185.202.180 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935243000 externalId=37982 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935213000 spt=51178 src=10.1.20.211 start=1645935213000 suser=No Authentication Required +<13>Mar 04 20:51:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=91.185.202.180 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935243000 externalId=36921 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935213000 spt=51217 src=10.1.20.211 start=1645935213000 suser=No Authentication Required +<13>Mar 
04 20:51:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=151.101.65.140 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935243000 externalId=42693 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935212000 spt=43502 src=10.180.10.102 start=1645935212000 suser=No Authentication Required +<13>Mar 04 20:51:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=91.185.202.180 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935243000 externalId=36919 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935213000 spt=51192 src=10.1.20.211 start=1645935213000 suser=No Authentication Required +<13>Mar 04 20:51:40 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.239.168.236 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36963 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935243000 spt=51678 src=10.1.252.17 start=1645935243000 suser=No 
Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=91.185.202.180 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935243000 externalId=37983 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935213000 spt=51215 src=10.1.20.211 start=1645935213000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=91.185.202.180 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935243000 externalId=36920 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935213000 spt=51216 src=10.1.20.211 start=1645935213000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=29075 dst=81.24.91.220 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42745 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935244000 spt=59370 src=10.1.58.110 
start=1645935244000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38029 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935244000 spt=29075 src=81.24.91.220 start=1645935244000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=50.205.244.38 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38030 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935245000 spt=123 src=10.180.10.102 start=1645935245000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=35.232.111.17 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935245000 externalId=42695 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935215000 spt=41982 
src=10.180.10.102 start=1645935215000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=67.69.174.32 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935244000 externalId=36922 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935214000 spt=60222 src=172.16.133.87 start=1645935214000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=37.252.162.84 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42749 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935246000 spt=49359 src=10.1.59.103 start=1645935246000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=120 bytesOut=467 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=37.252.162.84 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935246000 externalId=42747 proto=6 reason=N/A 
request="http://ib.adnxs.com/getuid?http://ums.adtech.de/mapuser?providerid=1001;userid=$UID" requestClientApplication=Internet Explorer rt=1645935246000 spt=49297 src=10.1.59.103 start=1645935246000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=37.252.162.84 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42747 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935246000 spt=49297 src=10.1.59.103 start=1645935246000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.74.232.39 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935247000 externalId=42697 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935217000 spt=49243 src=172.16.45.52 start=1645935217000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.74.232.39 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935247000 externalId=37984 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935217000 spt=49244 src=172.16.45.52 start=1645935217000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.37.223.179 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935248000 externalId=42698 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935218000 spt=32879 src=172.16.1.141 start=1645935218000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=151.101.1.140 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935248000 externalId=37985 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935217000 spt=51448 src=10.180.10.102 start=1645935217000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=3791 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.37.223.179 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935248000 externalId=42700 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935218000 spt=58950 src=172.16.1.141 start=1645935218000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42752 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935249000 spt=40009 src=111.221.77.155 start=1645935249000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=69.164.198.192 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645933935000 externalId=36301 proto=17 reason=N/A requestClientApplication=NTP client rt=1645933935000 spt=123 src=10.180.10.102 start=1645933935000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=71 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40018 dst=111.221.77.155 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38034 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935249000 spt=34862 src=10.1.250.198 start=1645935249000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=77 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40009 dst=111.221.77.155 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36968 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935249000 spt=34862 src=10.1.250.198 start=1645935249000 suser=No Authentication Required +<13>Mar 04 20:51:41 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935249000 externalId=42752 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935249000 spt=40009 src=111.221.77.155 start=1645935249000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=69.164.198.192 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38035 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935249000 spt=123 src=10.180.10.102 start=1645935249000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=77 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40009 dst=111.221.77.155 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935249000 externalId=36968 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935249000 spt=34862 src=10.1.250.198 start=1645935249000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=167 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51444 dst=172.16.133.47 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38036 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935249000 spt=1853 src=10.1.23.161 start=1645935249000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=167 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy 
cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1853 dst=68.64.21.45 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38037 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935249000 spt=51444 src=172.16.133.47 start=1645935249000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=334 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1853 dst=68.64.21.45 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935249000 externalId=38037 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935249000 spt=51444 src=172.16.133.47 start=1645935249000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=167 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51444 dst=172.16.133.47 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935249000 externalId=38036 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935249000 spt=1853 src=10.1.23.161 start=1645935249000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.192.93.220 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935249000 externalId=36924 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935219000 spt=52177 src=10.1.159.82 start=1645935219000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=199.168.112.46 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935250000 externalId=42701 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935220000 spt=49411 src=10.1.198.20 start=1645935220000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=199.168.112.46 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935250000 externalId=37987 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935220000 spt=49410 src=10.1.198.20 start=1645935220000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=HTTPS bytesIn=2655 bytesOut=303 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.25.155 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931650000 externalId=32096 proto=6 reason=N/A request=https://stats.g.doubleclick.net requestClientApplication=SSL client rt=1645931650000 spt=49317 src=172.16.155.149 start=1645931650000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.72.180.68 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935251000 externalId=37988 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935220000 spt=60577 src=10.1.90.151 start=1645935220000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.72.180.68 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935251000 externalId=42702 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935220000 spt=60576 src=10.1.90.151 start=1645935220000 suser=No Authentication 
Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=327 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42756 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935251000 spt=51644 src=142.177.127.7 start=1645935251000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=51644 dst=142.177.127.7 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42755 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935251000 spt=59370 src=10.1.32.43 start=1645935251000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=718 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63448 dst=10.0.0.201 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931652000 externalId=32098 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931652000 spt=61704 src=201.158.44.18 
start=1645931652000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=4294967295 bytesOut=3425 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=1853 dst=68.64.21.42 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931676000 externalId=32107 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931676000 spt=62603 src=172.16.133.36 start=1645931676000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=63.241.108.103 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935252000 externalId=37990 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935222000 spt=49186 src=10.1.175.167 start=1645935222000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesIn=1392 bytesOut=4176 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.116.137 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935253000 externalId=42760 proto=17 reason=N/A 
request=https://safebrowsing.google.com requestClientApplication=QUIC client rt=1645935252000 spt=53668 src=10.1.19.8 start=1645935252000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=185.65.137.155 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931677000 externalId=32108 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931677000 spt=123 src=10.180.10.102 start=1645931677000 suser=No Authentication Required +<13>Mar 04 20:51:42 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.116.137 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935253000 externalId=38043 proto=17 reason=N/A request=https://safebrowsing.google.com requestClientApplication=QUIC client rt=1645935253000 spt=55946 src=10.1.19.8 start=1645935253000 suser=No Authentication Required +<13>Mar 04 20:51:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.116.137 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38043 proto=17 reason=N/A request=https://safebrowsing.google.com requestClientApplication=QUIC client rt=1645935253000 spt=55946 src=10.1.19.8 start=1645935253000 suser=No Authentication Required +<13>Mar 04 20:51:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.116.137 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42760 proto=17 reason=N/A request=https://safebrowsing.google.com requestClientApplication=QUIC client rt=1645935252000 spt=53668 src=10.1.19.8 start=1645935252000 suser=No Authentication Required +<13>Mar 04 20:51:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=71 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40003 dst=157.55.130.143 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36972 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935253000 spt=34862 src=10.1.24.141 start=1645935253000 suser=No Authentication Required +<13>Mar 04 20:51:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=211 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40003 dst=157.55.130.143 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935253000 externalId=36891 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935191000 spt=34862 src=10.1.24.141 start=1645935191000 suser=No Authentication Required +<13>Mar 04 20:51:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=55946 dst=10.1.19.8 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38044 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935253000 spt=443 src=173.194.116.137 start=1645935253000 suser=No Authentication Required +<13>Mar 04 20:51:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=208.71.121.1 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935253000 externalId=37991 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935223000 spt=62724 src=10.1.232.71 start=1645935223000 suser=No Authentication Required +<13>Mar 04 20:51:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.116.137 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42762 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935253000 spt=50885 src=10.1.19.8 start=1645935253000 suser=No Authentication Required +<13>Mar 04 20:51:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931688000 externalId=32118 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931688000 spt=11017 src=46.99.23.53 start=1645931688000 suser=No Authentication Required +<13>Mar 04 20:51:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=3063 bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=61825 dst=10.1.0.148 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931686000 externalId=32115 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931686000 spt=443 src=216.58.209.173 start=1645931686000 suser=No Authentication Required +<13>Mar 04 20:51:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=4294967295 bytesOut=5712 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935253000 externalId=42657 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935191000 spt=40003 src=157.55.130.143 start=1645935191000 suser=No Authentication Required +<13>Mar 04 20:51:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=1397 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42763 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935253000 spt=40003 src=157.55.130.143 start=1645935253000 suser=No Authentication Required +<13>Mar 04 20:51:43 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=11017 dst=46.99.23.53 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931688000 externalId=32117 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931688000 spt=59370 src=10.1.169.30 start=1645931688000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=48485 dst=87.252.162.234 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931689000 externalId=32119 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931689000 spt=59370 src=10.1.13.188 start=1645931689000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.116.137 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935253000 externalId=42762 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935253000 spt=50885 src=10.1.19.8 start=1645935253000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=91.189.89.199 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934925000 externalId=42308 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934925000 spt=123 src=10.180.10.102 start=1645934925000 
suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=91.189.89.199 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42764 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935254000 spt=123 src=10.180.10.102 start=1645935254000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=527 bytesOut=793 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.204.50.20 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935254000 externalId=36204 proto=6 reason=N/A request=http://www.fnw.us/ requestClientApplication=Internet Explorer rt=1645934687000 spt=49221 src=192.168.1.96 start=1645934687000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=10.2.7.30 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935253000 externalId=36928 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645935223000 spt=37930 src=10.1.207.217 start=1645935223000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=327 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931689000 externalId=32120 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931689000 spt=48485 src=87.252.162.234 start=1645931689000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=21550 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=108.161.188.218 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935254000 externalId=37992 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935224000 spt=49222 src=172.16.155.149 start=1645935224000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1460 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=108.161.188.218 
dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935254000 externalId=36930 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935224000 spt=49223 src=172.16.155.149 start=1645935224000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=1464 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=62798 dst=10.3.14.131 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935255000 externalId=42766 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935255000 spt=443 src=172.217.6.132 start=1645935255000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.6.132 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935255000 externalId=38045 proto=17 reason=N/A request=https://www.google.com requestClientApplication=QUIC client rt=1645935255000 spt=62798 src=10.1.185.202 start=1645935255000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.23.102.174 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935255000 externalId=36931 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935225000 spt=55381 src=10.1.232.131 start=1645935225000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=182 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40023 dst=111.221.77.176 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42768 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935255000 spt=31325 src=10.1.205.82 start=1645935255000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=62798 dst=10.3.14.131 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42766 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935255000 spt=443 src=172.217.6.132 start=1645935255000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=QUIC bytesOut=1392 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=172.217.6.132 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38045 proto=17 reason=N/A request=https://www.google.com requestClientApplication=QUIC client rt=1645935255000 spt=62798 src=10.1.185.202 start=1645935255000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=63 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=31325 dst=10.128.0.14 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36975 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935255000 spt=40023 src=111.221.77.176 start=1645935255000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=182 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40023 dst=111.221.77.176 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935255000 externalId=42768 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935255000 spt=31325 src=10.1.205.82 start=1645935255000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule 
cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.23.102.174 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935255000 externalId=42712 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935225000 spt=55380 src=10.1.232.131 start=1645935225000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=HTTP bytesIn=1572 bytesOut=537 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.63.78.44 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935256000 externalId=36976 proto=6 reason=Intrusion Block request=http://www.ebay.com/ requestClientApplication=Chrome rt=1645935256000 spt=52230 src=10.1.123.94 start=1645935256000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.63.78.44 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36976 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935256000 spt=52230 src=10.1.123.94 start=1645935256000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
bytesIn=374 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=138.108.96.100 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935256000 externalId=37994 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935226000 spt=49452 src=10.1.69.94 start=1645935226000 suser=No Authentication Required +<13>Mar 04 20:51:44 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=138.108.96.100 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935256000 externalId=42713 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935226000 spt=49437 src=10.1.69.94 start=1645935226000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.15.4.24 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38047 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935256000 spt=62806 src=10.1.181.229 start=1645935256000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION 
STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.63.78.44 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38048 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935256000 spt=52231 src=10.1.123.94 start=1645935256000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:119:202|(http_inspect) chunk length has excessive leading zeros|1|act=Blocked app=HTTP cat=A Client was Using an Unusual Port cn1Label=vlan cn2=4 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=202 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=52230 dst=10.1.123.94 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56270 proto=TCP requestClientApplication=Chrome rt=1645935256000 spt=80 src=23.63.78.44 start=1645935256000 suser=No Authentication Require<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=6881 dst=37.112.247.77 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42770 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935256000 spt=59370 
src=10.1.19.116 start=1645935256000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935257000 externalId=38000 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49325 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935257000 externalId=38002 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49561 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=338 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645932619000 externalId=32263 proto=17 reason=N/A 
requestClientApplication=Unknown rt=1645932619000 spt=6881 src=37.112.247.77 start=1645932619000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935257000 externalId=36934 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49175 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935257000 externalId=42715 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935226000 spt=49173 src=10.1.123.17 start=1645935226000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935257000 
externalId=42719 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49719 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935257000 externalId=42716 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49264 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=338 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36977 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935256000 spt=6881 src=37.112.247.77 start=1645935256000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=191.233.80.151 dvchost=CSTA-vFTD-Production 
dvcpid=1 end=1645935257000 externalId=36940 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935227000 spt=49560 src=10.1.123.17 start=1645935227000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=34.194.61.181 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935258000 externalId=36941 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935228000 spt=49276 src=10.1.61.180 start=1645935228000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:37913|POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt|7|act=Blocked app=HTTPS cat=Misc Activity cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=37913 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=56492 dst=10.1.191.233 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=56271 proto=TCP requestClientApplication=SSL client rt=1645935259000 spt=443 src=173.194.43.32 start=1645935259000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|7|act=Block app=HTTPS bytesIn=66 bytesOut=368 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.43.32 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935259000 externalId=36981 proto=6 reason=Intrusion Block request=https://clients2.google.com requestClientApplication=SSL client rt=1645935259000 spt=56492 src=10.1.191.233 start=1645935259000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=4294967295 bytesOut=3173 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=62603 dst=172.16.133.36 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931676000 externalId=33166 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931676000 spt=1853 src=10.1.179.5 start=1645931676000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=64.74.232.42 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931658000 externalId=33154 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931658000 spt=55829 src=10.1.193.95 start=1645931658000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy 
cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931694000 externalId=33172 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931694000 spt=57606 src=50.167.110.46 start=1645931694000 suser=No Authentication Required +<13>Mar 04 20:51:45 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.43.32 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36981 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935259000 spt=56492 src=10.1.191.233 start=1645935259000 suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=154 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=35777 dst=204.9.163.160 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38053 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935259000 spt=50983 src=10.1.165.110 start=1645935259000 suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=89 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=sync.tubemogul.com deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=192.48.79.30 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36982 proto=17 reason=N/A requestClientApplication=DNS rt=1645935260000 spt=62397 src=10.1.27.60 start=1645935260000 suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=923 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=sync.tubemogul.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=62397 dst=10.1.27.60 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935175000 externalId=36862 proto=17 reason=N/A requestClientApplication=DNS client rt=1645935175000 spt=53 src=192.48.79.30 start=1645935175000 suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=104.27.179.248 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935261000 externalId=38013 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935231000 spt=49701 src=192.168.1.96 start=1645935231000 suser=No Authentication Required +<13>Mar 04 20:51:46 
splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=317 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42776 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935261000 spt=40604 src=86.38.0.208 start=1645935261000 suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=25 dst=104.27.179.248 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935261000 externalId=38015 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935231000 spt=49940 src=192.168.1.96 start=1645935231000 suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=327 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=59370 dst=10.0.0.46 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38057 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935261000 spt=52072 src=128.73.209.24 start=1645935261000 suser=No Authentication 
Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52072 dst=128.73.209.24 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38056 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935261000 spt=59370 src=10.1.2.78 start=1645935261000 suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40604 dst=86.38.0.208 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36983 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645935261000 spt=59370 src=10.1.138.146 start=1645935261000 suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42777 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935262000 spt=40019 src=157.55.130.142 start=1645935262000 
suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=62 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935262000 externalId=42777 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935262000 spt=40019 src=157.55.130.142 start=1645935262000 suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=1397 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36985 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935262000 spt=40009 src=157.55.130.142 start=1645935262000 suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=134 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40019 dst=157.55.130.142 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36984 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935262000 spt=34862 
src=10.1.125.5 start=1645935262000 suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=2794 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.0.45 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935262000 externalId=36985 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935262000 spt=40009 src=157.55.130.142 start=1645935262000 suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=72 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40009 dst=157.55.130.142 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38058 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935262000 spt=34862 src=10.1.125.5 start=1645935262000 suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=128.2.217.13 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36987 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645935263000 spt=50576 src=10.1.174.101 start=1645935263000 suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=58 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=128.2.217.13 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42779 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935263000 spt=50577 src=10.1.174.101 start=1645935263000 suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.97.186.233 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935264000 externalId=36950 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935234000 spt=49747 src=10.1.92.22 start=1645935234000 suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2734 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.58.219.33 dvchost=CSTA-vFTD-Production dvcpid=3 
end=1645935264000 externalId=38021 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935234000 spt=49223 src=10.1.205.40 start=1645935234000 suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1460 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=172.217.2.34 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935265000 externalId=36952 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935234000 spt=49211 src=10.1.113.187 start=1645935234000 suser=No Authentication Required +<13>Mar 04 20:51:46 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=172.217.2.34 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935265000 externalId=42729 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935235000 spt=49212 src=10.1.113.187 start=1645935235000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=4384 bytesOut=7492 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 
dst=213.198.96.146 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931664000 externalId=37955 proto=6 reason=N/A request="http://b.scorecardresearch.com/b?c1=2&c2=6036484&ns__t=1458388729592&ns_c=UTF-8&c8=Changing%20fonts%20can%20save%20printer%20ink%20-%2012%20weird%20but%20true%20facts%20about%20technology%20%7C%20The%20Economic%20Times&c7=http%3A%2F%2Feconomictimes.indiatimes.com%2Fslideshows%2Ftech-life%2F12-weird-but-true-facts-about-technology%2Fchanging-fonts-can-save-printer-ink%2Fslideshow%2F51419400.cms&c9=https%3A%2F%2Fwww.google.cz%2F" requestClientApplication=Chrome rt=1645931634000 spt=49647 src=10.1.180.190 start=1645931634000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.192.201.225 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935267000 externalId=42732 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935237000 spt=49906 src=10.1.169.58 start=1645935237000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=598 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=66.235.136.89 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935267000 externalId=36954 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935237000 spt=57250 src=192.168.3.131 
start=1645935237000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2631 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=13.107.18.254 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935268000 externalId=42733 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935238000 spt=50134 src=10.1.74.4 start=1645935238000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=52.84.243.157 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935268000 externalId=42734 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935238000 spt=49399 src=172.16.45.52 start=1645935238000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=647 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=50101 dst=87.92.98.148 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935269000 externalId=42737 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645935239000 spt=49911 src=10.1.33.214 start=1645935239000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.168.221.63 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935269000 externalId=36958 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935239000 spt=49194 src=192.168.204.139 start=1645935239000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=184.168.221.63 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935269000 externalId=36957 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935239000 spt=49190 src=192.168.204.139 start=1645935239000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=108.61.73.243 dvchost=CSTA-vFTD-Production dvcpid=2 
end=1645935142000 externalId=42610 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935142000 spt=123 src=10.180.10.102 start=1645935142000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=108.61.73.243 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42781 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935270000 spt=123 src=10.180.10.102 start=1645935270000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=37.252.162.191 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935271000 externalId=38026 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935241000 spt=50571 src=10.1.200.74 start=1645935241000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=37.252.162.191 
dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935271000 externalId=42738 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935241000 spt=50567 src=10.1.200.74 start=1645935241000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=37.252.162.191 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935271000 externalId=42740 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935241000 spt=50568 src=10.1.200.74 start=1645935241000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=108.178.15.187 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935272000 externalId=36960 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935242000 spt=49210 src=192.168.137.81 start=1645935242000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1363 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=108.178.15.187 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935272000 externalId=36962 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935242000 spt=49212 src=192.168.137.81 start=1645935242000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.81.200 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935273000 externalId=42744 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935243000 spt=49165 src=172.16.45.52 start=1645935243000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=20280 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=72.21.81.200 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935273000 externalId=42743 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935243000 spt=49164 src=172.16.45.52 start=1645935243000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=5 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.239.168.236 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935273000 externalId=38028 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935243000 spt=51676 src=10.1.252.17 start=1645935243000 suser=No Authentication Required +<13>Mar 04 20:51:47 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935274000 externalId=37255 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49501 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=4170 bytesOut=513 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.42.155.187 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931673000 externalId=37986 proto=6 reason=N/A request=https://play.itunes.apple.com requestClientApplication=SSL client rt=1645931673000 spt=49163 src=10.1.186.229 start=1645931673000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule 
cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935274000 externalId=36156 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934672000 spt=49288 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935274000 externalId=41929 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934672000 spt=49188 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935274000 externalId=37257 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49504 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935274000 externalId=36158 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49298 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935274000 externalId=41931 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49202 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935274000 externalId=37249 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49241 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935274000 externalId=41932 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49240 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935274000 externalId=36153 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49203 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935274000 externalId=37250 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934672000 spt=49244 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935274000 externalId=37251 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49245 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935274000 externalId=36160 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49301 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935274000 externalId=36163 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49502 src=10.1.134.107 start=1645934672000 suser=No Authentication Required 
+<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935274000 externalId=37252 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934672000 spt=49329 src=10.1.134.107 start=1645934672000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935275000 externalId=36169 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49665 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=143 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=57606 dst=50.167.110.46 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931694000 externalId=37996 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931694000 spt=59370 src=10.1.142.137 
start=1645931694000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935275000 externalId=36176 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49681 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=54.208.226.181 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935275000 externalId=38031 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935245000 spt=49939 src=10.1.25.45 start=1645935245000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935275000 externalId=37263 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 
spt=49682 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 04 20:51:48 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935275000 externalId=41940 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=49658 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935275000 externalId=37259 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934673000 spt=49659 src=10.1.134.107 start=1645934673000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935276000 externalId=37265 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645934674000 spt=49796 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesOut=45 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935276000 externalId=36182 proto=6 reason=N/A requestClientApplication=SSL client rt=1645934674000 spt=49801 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=5278 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=157.56.238.6 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935276000 externalId=42750 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935246000 spt=57222 src=172.16.133.95 start=1645935246000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=37.252.162.84 dvchost=CSTA-vFTD-Production dvcpid=2 
end=1645935276000 externalId=42746 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935246000 spt=49293 src=10.1.59.103 start=1645935246000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=68.64.24.250 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935276000 externalId=37274 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=53876 src=172.16.133.116 start=1645934674000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935276000 externalId=36185 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49809 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 
dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935276000 externalId=37270 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49807 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935276000 externalId=37275 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49813 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=104.40.141.105 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935276000 externalId=37272 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=49810 src=10.1.134.107 start=1645934674000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=68.64.24.250 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935276000 externalId=36187 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934674000 spt=53854 src=172.16.133.116 start=1645934674000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=69.89.93.5 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935277000 externalId=38032 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935247000 spt=64738 src=172.16.133.54 start=1645935247000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=107.172.97.205 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931769000 externalId=38005 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931769000 spt=123 src=10.180.10.102 start=1645931769000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=22860 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.10.209 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935277000 externalId=36964 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935247000 spt=52357 src=10.1.243.66 start=1645935247000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.67.242.106 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935278000 externalId=38033 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935248000 spt=3688 src=172.16.133.163 start=1645935248000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=690 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.67.242.106 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935278000 externalId=36966 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935248000 spt=3687 src=172.16.133.163 start=1645935248000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.96.152.142 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935278000 externalId=36967 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935248000 spt=49503 src=10.1.239.87 start=1645935248000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=104.96.152.142 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935278000 externalId=42751 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935248000 spt=49502 src=10.1.239.87 start=1645935248000 suser=No Authentication Required +<13>Mar 04 20:51:49 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=75 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40030 dst=111.221.77.155 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931813000 externalId=38018 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931813000 spt=34862 src=10.1.72.158 start=1645931813000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=2708 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule 
cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.83.62.106 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935280000 externalId=42754 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935250000 spt=51835 src=10.1.83.91 start=1645935250000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=79 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40017 dst=111.221.77.155 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931813000 externalId=38019 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931813000 spt=34862 src=10.1.72.158 start=1645931813000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.251.138.168 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935281000 externalId=42757 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935251000 spt=60554 src=10.1.145.126 start=1645935251000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b 
cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=40.114.149.220 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935281000 externalId=36970 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935251000 spt=49208 src=10.1.1.2 start=1645935251000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=40.114.149.220 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935281000 externalId=38040 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935251000 spt=49207 src=10.1.1.2 start=1645935251000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.251.138.168 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935282000 externalId=42758 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935251000 spt=60559 src=10.1.145.126 start=1645935251000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=198.51.152.183 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935282000 externalId=38041 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935252000 spt=53186 src=10.1.133.249 start=1645935252000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=1109 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40009 dst=111.221.77.155 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931813000 externalId=38016 proto=17 reason=N/A requestClientApplication=Unknown rt=1645931813000 spt=34862 src=10.1.72.158 start=1645931813000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.45.65.25 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935282000 externalId=36193 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934679000 spt=54117 src=172.16.133.66 start=1645934679000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=198.51.152.183 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935282000 externalId=36971 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935252000 spt=53185 src=10.1.133.249 start=1645935252000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=429 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=44578 dst=109.191.143.169 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645931819000 externalId=38010 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931804000 spt=59370 src=10.1.79.121 start=1645931804000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=208.80.154.224 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935283000 externalId=38042 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935253000 spt=57254 src=10.180.10.102 start=1645935253000 suser=No 
Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=98.139.134.174 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935284000 externalId=42765 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935254000 spt=50401 src=10.1.17.31 start=1645935254000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=98.139.134.174 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935284000 externalId=36973 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935254000 spt=50400 src=10.1.17.31 start=1645935254000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.63.78.44 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935286000 externalId=38048 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935256000 spt=52231 src=10.1.123.94 
start=1645935256000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=213.254.244.20 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935287000 externalId=38049 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935257000 spt=50144 src=10.1.165.109 start=1645935257000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.226.177 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935288000 externalId=38050 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935258000 spt=49182 src=10.1.128.58 start=1645935258000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.226.177 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935289000 externalId=42772 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935258000 
spt=49185 src=10.1.128.58 start=1645935258000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.226.177 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935288000 externalId=36979 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935258000 spt=49183 src=10.1.128.58 start=1645935258000 suser=No Authentication Required +<13>Mar 04 20:51:50 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.125.226.177 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935288000 externalId=36978 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935258000 spt=49181 src=10.1.128.58 start=1645935258000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=74.125.226.177 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935288000 externalId=42771 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645935258000 spt=49180 src=10.1.128.58 start=1645935258000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.125.226.177 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935289000 externalId=36980 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935258000 spt=49184 src=10.1.128.58 start=1645935258000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=35777 dst=204.9.163.160 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935289000 externalId=38052 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935259000 spt=10686 src=10.1.165.110 start=1645935259000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=35777 dst=204.9.163.160 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935289000 
externalId=42774 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935259000 spt=10677 src=10.1.165.110 start=1645935259000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=35777 dst=204.9.163.160 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935289000 externalId=42775 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935259000 spt=10685 src=10.1.165.110 start=1645935259000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=35777 dst=204.9.163.160 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935289000 externalId=38051 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935259000 spt=10676 src=10.1.165.110 start=1645935259000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=493 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=216.38.163.167 
dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935290000 externalId=37304 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934688000 spt=39665 src=10.1.16.188 start=1645934688000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=128.2.217.13 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935293000 externalId=42779 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935263000 spt=50577 src=10.1.174.101 start=1645935263000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTP bytesIn=629 bytesOut=524 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.214.129.237 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931695000 externalId=32122 proto=6 reason=N/A request=http://trc.taboola.com/sg/liveramp/1/usg requestClientApplication=Chrome rt=1645931695000 spt=54962 src=10.1.14.197 start=1645931695000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=174 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=23.214.129.237 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931695000 externalId=33173 proto=6 reason=N/A requestClientApplication=Unknown rt=1645931695000 spt=54963 src=10.1.14.197 start=1645931695000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=194.58.205.20 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931701000 externalId=33179 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931701000 spt=123 src=10.180.10.102 start=1645931701000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=189.226.127.145 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935299000 externalId=41987 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934696000 spt=52313 src=192.168.22.94 start=1645934696000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=301 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A 
cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=212.58.246.90 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935302000 externalId=36174 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934673000 spt=64904 src=10.1.161.122 start=1645934673000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=HTTPS bytesIn=2987 bytesOut=5001 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=54.163.248.153 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931703000 externalId=32127 proto=6 reason=N/A request=https://dl-canary2.dropbox.com requestClientApplication=SSL client rt=1645931703000 spt=51807 src=10.1.173.250 start=1645931703000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=45.79.51.42 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931704000 externalId=32128 proto=17 reason=N/A requestClientApplication=NTP client rt=1645931704000 spt=123 src=10.180.10.102 start=1645931704000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=135 bytesOut=90 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=r9---sn-ab5e6nls.c.youtube.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645931798000 externalId=32135 proto=17 reason=N/A requestClientApplication=DNS rt=1645931798000 spt=59625 src=172.16.133.73 start=1645931798000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=113 bytesOut=76 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=ar.voicefive.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931798000 externalId=33196 proto=17 reason=N/A requestClientApplication=DNS rt=1645931798000 spt=55986 src=172.16.133.73 start=1645931798000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesIn=284 bytesOut=73 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=s.youtube.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931798000 externalId=33197 proto=17 reason=N/A requestClientApplication=DNS rt=1645931798000 spt=63498 
src=172.16.133.73 start=1645931798000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=168 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=sb.voicefive.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=59934 dst=172.16.133.73 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931798000 externalId=33200 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931798000 spt=53 src=172.16.128.202 start=1645931798000 suser=No Authentication Required +<13>Mar 04 20:51:51 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=216.115.219.126 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935309000 externalId=37332 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934706000 spt=54154 src=10.1.163.123 start=1645934706000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=104.149.164.142 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38063 
proto=17 reason=N/A requestClientApplication=NTP client rt=1645935308000 spt=123 src=10.180.10.102 start=1645935308000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=DNS bytesOut=131 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=r13---lga15s23.c.youtube.com deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=64688 dst=172.16.133.73 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931798000 externalId=33201 proto=17 reason=N/A requestClientApplication=DNS client rt=1645931798000 spt=53 src=172.16.128.202 start=1645931798000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=78 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory destinationDnsDomain=ad.doubleclick.net deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53 dst=172.16.128.202 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931798000 externalId=33202 proto=17 reason=N/A requestClientApplication=DNS rt=1645931798000 spt=51254 src=172.16.133.73 start=1645931798000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=185.216.231.116 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645933573000 externalId=40729 proto=17 reason=N/A requestClientApplication=NTP client rt=1645933573000 spt=123 src=10.180.10.102 start=1645933573000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=185.216.231.116 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42786 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935310000 spt=123 src=10.180.10.102 start=1645935310000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=BitTorrent bytesOut=109 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=63448 dst=10.0.0.201 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645931807000 externalId=33209 proto=17 reason=N/A requestClientApplication=BitTorrent rt=1645931807000 spt=6881 src=136.243.94.79 start=1645931807000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 
deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=63.116.244.139 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935311000 externalId=36240 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934708000 spt=33515 src=172.16.133.132 start=1645934708000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1505 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=173.194.122.28 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935314000 externalId=36245 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934711000 spt=51683 src=10.1.2.84 start=1645934711000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=38.229.59.9 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38064 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935315000 spt=123 src=10.180.10.102 start=1645935315000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=38.229.59.9 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645933834000 externalId=36204 proto=17 reason=N/A requestClientApplication=NTP client rt=1645933834000 spt=123 src=10.180.10.102 start=1645933834000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=151.101.1.140 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935319000 externalId=42783 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935289000 spt=51452 src=10.180.10.102 start=1645935289000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=91.189.89.198 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645934991000 externalId=37776 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934991000 spt=123 src=10.180.10.102 start=1645934991000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=91.189.89.198 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38065 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935319000 spt=123 src=10.180.10.102 start=1645935319000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=151.101.65.140 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935324000 externalId=42785 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935294000 spt=43512 src=10.180.10.102 start=1645935294000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=151.101.129.140 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935329000 externalId=36989 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935299000 spt=57478 src=10.180.10.102 start=1645935299000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=151.101.193.140 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935334000 externalId=38062 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935304000 spt=46990 src=10.180.10.102 start=1645935304000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=1099 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=184.73.225.104 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935335000 externalId=37355 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934734000 spt=52443 src=10.1.100.3 start=1645934734000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=69.164.213.136 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645932496000 externalId=32235 proto=17 reason=N/A requestClientApplication=NTP client rt=1645932496000 spt=123 src=10.180.10.102 start=1645932496000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=69.164.213.136 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36993 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935336000 spt=123 src=10.180.10.102 start=1645935336000 suser=No Authentication Required +<13>Mar 04 20:51:52 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=173.194.43.33 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935339000 externalId=36254 proto=6 reason=N/A requestClientApplication=Unknown rt=1645934736000 spt=40300 src=10.1.68.189 start=1645934736000 suser=No Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=37.252.170.13 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38068 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935357000 spt=56205 src=10.1.212.27 start=1645935357000 suser=No Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow 
app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=37.252.170.13 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=36999 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935357000 spt=56213 src=10.1.212.27 start=1645935357000 suser=No Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=199.48.204.30 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38070 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935359000 spt=60649 src=10.1.61.128 start=1645935359000 suser=No Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=59 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a dpt=34862 dst=10.0.2.200 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=37002 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935362000 spt=40019 src=65.55.223.46 start=1645935362000 suser=No Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesOut=473 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=40019 dst=65.55.223.46 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42793 proto=17 reason=N/A requestClientApplication=Unknown rt=1645935362000 spt=34862 src=10.1.140.60 start=1645935362000 suser=No Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52482 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645933881000 externalId=35139 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52429 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38073 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No 
Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52482 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=37003 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52429 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645933881000 externalId=36242 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52339 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645933881000 externalId=40852 proto=17 reason=N/A 
requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52443 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645933881000 externalId=36243 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52468 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645933881000 externalId=35138 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52468 
dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=37004 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52339 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42795 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52568 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645933881000 externalId=36244 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52508 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645933881000 externalId=40853 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52568 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38075 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52887 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645933881000 externalId=35140 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:53 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone 
cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52508 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42796 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52887 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=37005 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52329 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645933881000 externalId=40851 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 
cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52875 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38076 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52329 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42794 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52443 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38074 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52875 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645933881000 externalId=36245 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52889 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=37007 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52889 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645933881000 externalId=35141 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52899 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645933881000 externalId=35142 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52899 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=37006 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53039 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645933881000 externalId=35143 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 
start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=54272 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38077 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52929 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645933881000 externalId=40854 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53023 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645933881000 externalId=40855 proto=17 reason=N/A 
requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53136 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645933881000 externalId=35144 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53039 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=37008 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53204 dst=74.3.237.155 
dvchost=CSTA-vFTD-Production dvcpid=2 end=1645933881000 externalId=40856 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53136 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=37009 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=54272 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645933881000 externalId=36247 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:54 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a 
deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=52929 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42797 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53023 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42798 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53244 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645933881000 externalId=40857 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory 
deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53144 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645933881000 externalId=35145 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53144 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=37010 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53207 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=37011 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A 
cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53207 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645933881000 externalId=35146 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=54541 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42801 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=54541 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645933881000 externalId=40858 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 
cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53217 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645933881000 externalId=35148 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53217 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=37012 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=54680 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645933881000 externalId=35150 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645933881000 spt=49151 src=172.16.133.109 start=1645933881000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 
CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53204 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42799 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=54680 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=37013 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Pathview bytesOut=106 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=53244 dst=74.3.237.155 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42800 proto=17 reason=N/A requestClientApplication=Pathview client rt=1645935363000 spt=49151 src=172.16.133.109 start=1645935363000 suser=No 
Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.61.65.197 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935365000 externalId=42787 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935335000 spt=49236 src=172.16.155.149 start=1645935335000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=23.61.65.197 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935365000 externalId=36992 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935335000 spt=49237 src=172.16.155.149 start=1645935335000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=162.248.16.37 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935366000 externalId=42788 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935336000 spt=49389 src=172.16.138.158 
start=1645935336000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=162.248.16.37 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935366000 externalId=42789 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935336000 spt=49392 src=172.16.138.158 start=1645935336000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=69.172.216.161 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935367000 externalId=36996 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935337000 spt=49576 src=10.1.1.175 start=1645935337000 suser=No Authentication Required +<13>Mar 04 20:51:55 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=69.172.216.161 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935367000 externalId=36995 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935337000 
spt=49575 src=10.1.1.175 start=1645935337000 suser=No Authentication Required +<13>Mar 04 20:51:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=69.172.216.161 dvchost=CSTA-vFTD-Production dvcpid=3 end=1645935367000 externalId=38066 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935337000 spt=49567 src=10.1.1.175 start=1645935337000 suser=No Authentication Required +<13>Mar 04 20:51:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=184.73.197.44 dvchost=CSTA-vFTD-Production dvcpid=2 externalId=42805 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935368000 spt=60515 src=10.1.35.200 start=1645935368000 suser=No Authentication Required +<13>Mar 04 20:51:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=184.73.197.44 dvchost=CSTA-vFTD-Production dvcpid=1 externalId=37016 proto=6 reason=N/A 
requestClientApplication=Unknown rt=1645935368000 spt=60511 src=10.1.35.200 start=1645935368000 suser=No Authentication Required +<13>Mar 04 20:51:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.6.231.20 dvchost=CSTA-vFTD-Production dvcpid=1 end=1645935370000 externalId=36997 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935339000 spt=60614 src=10.180.10.102 start=1645935339000 suser=No Authentication Required +<13>Mar 04 20:51:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=162.159.200.123 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645934989000 externalId=42441 proto=17 reason=N/A requestClientApplication=NTP client rt=1645934989000 spt=123 src=10.180.10.102 start=1645934989000 suser=No Authentication Required +<13>Mar 04 20:51:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=NTP bytesOut=90 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=123 dst=162.159.200.123 dvchost=CSTA-vFTD-Production dvcpid=2 
externalId=42808 proto=17 reason=N/A requestClientApplication=NTP client rt=1645935373000 spt=123 src=10.180.10.102 start=1645935373000 suser=No Authentication Required +<13>Mar 04 20:51:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=957 bytesOut=120 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=184.73.225.104 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38083 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935374000 spt=63432 src=10.1.99.149 start=1645935374000 suser=No Authentication Required +<13>Mar 04 20:51:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c26bef04-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=443 dst=74.6.143.25 dvchost=CSTA-vFTD-Production dvcpid=2 end=1645935375000 externalId=42790 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935344000 spt=39646 src=10.180.10.102 start=1645935344000 suser=No Authentication Required +<13>Mar 04 20:51:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|RNA:1003:1|CONNECTION STATISTICS|3|act=Allow app=Unknown bytesIn=66 bytesOut=66 cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5Label=secIntelCategory deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 
dst=151.249.88.153 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=38084 proto=6 reason=N/A requestClientApplication=Unknown rt=1645935375000 spt=60368 src=10.1.182.49 start=1645935375000 suser=No Authentication Required +<13>Mar 04 20:51:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:29957|SERVER-OTHER Kolibri HTTP Server uri buffer overflow attempt|7|act=Blocked app=Unknown cat=Known client side exploit attempt cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2=268434433 cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=29957 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=151.249.88.153 dvchost=CSTA-vFTD-Production dvcpid=3 externalId=187721 proto=TCP requestClientApplication=Unknown rt=1645935375000 spt=60368 src=10.1.182.49 start=1645935375000 suser=No Authentication Required +<13>Mar 04 20:51:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:38270|SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt|7|act=Blocked app=Unknown cat=Known client side exploit attempt cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=38270 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=151.249.88.153 dvchost=CSTA-vFTD-Production externalId=187722 proto=TCP requestClientApplication=Unknown rt=1645935375000 spt=60368 src=10.1.182.49 suser=Unknown +<13>Mar 04 20:51:56 splunk-8-1 CEF:0|Cisco|Firepower|6.0|INTRUSION:400:1:20620|SERVER-WEBAPP CoreHTTP Long buffer overflow attempt|7|act=Blocked app=Unknown cat=Known client side exploit attempt 
cn1Label=vlan cn2=3 cn2Label=impact cs1=00000000-0000-0000-0000-00006218492b cs1Label=fwPolicy cs2Label=fwRule cs3=N/A cs3Label=ingressZone cs4=N/A cs4Label=egressZone cs5=VRT Policy cs5Label=ipsPolicy cs6=20620 cs6Label=ruleId deviceExternalId=1 deviceInboundInterface=c278ecc2-8579-11ec-ac6c-9b4d61ca4f8a deviceOutboundInterface=c27cfbaa-8579-11ec-ac6c-9b4d61ca4f8a dpt=80 dst=151.249.88.153 dvchost=CSTA-vFTD-Production externalId=187723 proto=TCP requestClientApplication=Unknown rt=1645935375000 spt=60368 src=10.1.182.49 suser=Unknown
\ No newline at end of file
diff --git a/Tools/Syslog-cef-data-replicator/Sample Data/inflobox_nios_raw.log b/Tools/Syslog-cef-data-replicator/Sample Data/inflobox_nios_raw.log
new file mode 100644
index 00000000000..0d88add9024
--- /dev/null
+++ b/Tools/Syslog-cef-data-replicator/Sample Data/inflobox_nios_raw.log
@@ -0,0 +1,2 @@
+May 13 2022 12:05:52 10.0.0.0 dhcpd[30174]: DHCPDISCOVER from 0a:0b:0c:0d::0f via eth2 TransID 5daf9374: network 10.0.0.0/24: no free leases
+May 13 2022 12:05:52 10.1.1.1 named[11325]: zone voip.abc.com/IN: ZRQ applied transaction 0101010 with SOA serial 9191919. Zone version is now 0202020.
\ No newline at end of file
diff --git a/Tools/Syslog-cef-data-replicator/Sample Data/inflobox_nios_raw1.log b/Tools/Syslog-cef-data-replicator/Sample Data/inflobox_nios_raw1.log
new file mode 100644
index 00000000000..0d88add9024
--- /dev/null
+++ b/Tools/Syslog-cef-data-replicator/Sample Data/inflobox_nios_raw1.log
@@ -0,0 +1,2 @@
+May 13 2022 12:05:52 10.0.0.0 dhcpd[30174]: DHCPDISCOVER from 0a:0b:0c:0d::0f via eth2 TransID 5daf9374: network 10.0.0.0/24: no free leases
+May 13 2022 12:05:52 10.1.1.1 named[11325]: zone voip.abc.com/IN: ZRQ applied transaction 0101010 with SOA serial 9191919. Zone version is now 0202020.
\ No newline at end of file
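Review bot: `Sample Data/inflobox_nios_raw1.log` is a byte-for-byte copy of `Sample Data/inflobox_nios_raw.log` (both sections carry blob id `0d88add9024` and the same two lines), so the second file adds no parser or detection coverage; drop it or give it different events. In both files the DHCP line carries `0a:0b:0c:0d::0f`, which has an empty fifth octet and is not a well-formed MAC address, so a parser test fed from this sample is likely to skip or mis-extract the client MAC; if a valid address was intended, the line should read `DHCPDISCOVER from 0a:0b:0c:0d:0e:0f via eth2`. The file names say `inflobox`, presumably a typo for Infoblox, which is easier to fix now than after other tooling refers to the path.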
diff --git a/Tools/Syslog-cef-data-replicator/Sample Data/junipersrxsyslograw.log b/Tools/Syslog-cef-data-replicator/Sample Data/junipersrxsyslograw.log
new file mode 100644
index 00000000000..76873df25cb
--- /dev/null
+++ b/Tools/Syslog-cef-data-replicator/Sample Data/junipersrxsyslograw.log
@@ -0,0 +1,284 @@ +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:21:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:20:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:19:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:18:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:17:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:16:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:15:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:14:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:13:24 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:12:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:11:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:10:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:09:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:08:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:07:47 Daejeon_FW1 RT_IDS TCP port scan! source: 216.129.238.59:59858, destination: 1.245.60.33:9000, zone name: untrust, interface name: reth3.0, action: drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:07:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:06:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:05:24 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:04:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:03:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:02:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:01:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 06:00:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:59:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:58:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:57:24 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:56:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:55:43 JuniperSRX_FW4 RT_IDS TCP port scan! source: 89.40.73.205:6000, destination: 175.117.69.171:1080, zone name: untrust, interface name: reth3.0, action: drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:55:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:54:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:53:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:52:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:51:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:50:24 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:49:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:48:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:47:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:46:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:45:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:44:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:43:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:42:24 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:41:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:40:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:39:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:38:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:37:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:36:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:35:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:34:24 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:33:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:32:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:31:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:30:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:29:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:28:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:27:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:26:25 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:25:24 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:24:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:23:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:22:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:21:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:20:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:19:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:18:25 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:17:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:16:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:15:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:14:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:13:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:12:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:11:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:10:25 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:09:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:08:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:08:10 JuniperSRX_FW4 RT_IDS IP spoofing! source: 172.16.46.99, destination: 175.117.69.171, protocol-id: 6, zone name: untrust, interface name: reth3.0, action: drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:07:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:06:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:05:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:04:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:03:25 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:02:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:01:27 Daejeon_FW1 RT_IDS TCP port scan! source: 211.148.188.89:37449, destination: 1.245.60.33:5433, zone name: untrust, interface name: reth3.0, action: drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:01:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 05:00:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:59:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:58:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:57:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:56:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:55:25 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:54:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:53:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:52:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:51:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:50:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:49:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:48:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:47:25 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:46:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:45:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:44:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:43:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:42:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:41:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:40:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:39:25 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:38:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:37:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:36:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:35:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:34:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:33:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:32:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:31:25 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:30:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:29:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:28:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:27:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:26:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:25:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:24:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:23:25 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:22:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:21:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:20:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:19:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:18:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:17:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:16:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:15:25 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:14:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:13:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:12:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:11:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:10:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:09:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:08:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:07:25 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:06:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:05:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:04:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:03:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:02:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:01:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 04:00:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:59:25 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:58:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:57:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:56:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:55:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:54:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:53:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:52:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:51:25 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:50:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:49:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:48:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:47:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:46:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:45:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:44:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:43:25 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:42:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:41:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:40:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:39:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:38:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:37:25 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:36:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:35:26 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:34:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:33:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:32:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:31:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:30:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:29:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:28:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:27:26 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:26:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:25:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:24:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:23:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:22:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:21:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:20:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:19:26 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:18:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:17:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:16:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:15:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:14:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:13:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:12:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:11:26 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:10:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:09:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:08:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:07:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:06:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:05:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:04:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:03:26 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:02:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:01:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 03:00:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:59:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:58:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:57:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:56:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:55:26 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:54:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:53:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:52:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:51:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:50:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:49:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:48:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:47:26 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:46:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:45:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:44:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:43:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:42:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:41:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:40:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:39:26 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:38:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:37:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:36:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:35:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:34:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:31:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:30:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:29:26 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:28:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:27:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:26:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:25:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:24:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:23:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:22:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:21:26 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:20:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:19:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:18:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:16:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:14:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:13:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:12:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:11:26 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:10:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:08:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:07:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:06:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:05:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:04:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:03:26 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 02:02:26 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 00:30:27 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 00:29:27 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 00:28:27 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 00:27:27 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 00:24:27 Daejeon_FW1 RT_IDS IP spoofing! source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 Daejeon_FW1 :<11>Nov 14 00:22:27 Daejeon_FW1 RT_IDS IP spoofing! 
source: 192.168.7.1, destination: 239.255.255.250, protocol-id: 17, zone name: trust, interface name: reth4.0, action: alarm-without-drop +2022-01-01 00:00:00 JuniperSRX_FW4 :<37>Nov 14 06:21:27 JuniperSRX_FW4 sshd Login failed for user 'backup' from host '106.75.67.6' +2022-01-01 00:00:00 JuniperSRX_FW4 :<38>Nov 14 06:21:27 JuniperSRX_FW4 sshd[42321] Disconnected from 106.75.67.6 [preauth] +2022-01-01 00:00:00 JuniperSRX_FW4 :<14>Nov 14 05:01:35 Daejeon_FW1 RT_FLOW session created 172.20.21.51/61284->172.20.22.222/161 0x0 None 172.20.21.51/61284->172.20.22.222/161 0x0 N/A N/A N/A N/A 17 VPN_to_Trust_Bonsa VPN trust 32061 N/A(N/A) st0.2 UNKNOWN UNKNOWN UNKNOWN +2022-01-01 00:00:00 JuniperSRX_FW4 :<14>Nov 14 05:01:32 JuniperSRX_FW4 RT_FLOW session created 172.20.21.51/61268->172.20.22.254/161 0x0 None 172.20.21.51/61268->172.20.22.254/161 0x0 N/A N/A N/A N/A 17 VPN_to_Trust_Bonsa VPN trust 20767 N/A(N/A) st0.2 UNKNOWN UNKNOWN UNKNOWN +2022-01-01 00:00:00 JuniperSRX_FW4 :<14>Nov 14 05:01:24 Daejeon_FW1 RT_FLOW session closed idle Timeout: 172.20.21.253/3469->172.20.22.193/16699 0x0 icmp 172.20.21.253/3469->172.20.22.193/16699 0x0 N/A N/A N/A N +2022-01-01 00:00:00 JuniperSRX_FW4 :<14>Nov 14 05:01:22 JuniperSRX_FW4 RT_FLOW session created 172.20.21.51/61227->172.20.22.254/161 0x0 None 172.20.21.51/61227->172.20.22.254/161 0x0 N/A N/A N/A N/A 17 VPN_to_Trust_Bonsa VPN trust 21182 N/A(N/A) st0.2 UNKNOWN UNKNOWN UNKNOWN +2022-01-01 00:00:00 JuniperSRX_FW4 :<14>Nov 14 05:01:14 Daejeon_FW1 RT_FLOW session created 172.20.21.51/61192->172.20.22.222/161 0x0 None 172.20.21.51/61192->172.20.22.222/161 0x0 N/A N/A N/A N/A 17 VPN_to_Trust_Bonsa VPN trust 32324 N/A(N/A) st0.2 UNKNOWN UNKNOWN UNKNOWN +2022-01-01 00:00:00 JuniperSRX_FW4 :<14>Nov 14 05:00:54 Daejeon_FW1 RT_FLOW session closed idle Timeout: 172.20.21.253/3469->172.20.22.193/16696 0x0 icmp 172.20.21.253/3469->172.20.22.193/16696 0x0 N/A N/A N/A N +2022-01-01 00:00:00 JuniperSRX_FW4 :<14>Nov 14 05:00:40 JuniperSRX_FW4 
RT_FLOW session closed idle Timeout: 172.20.22.239/161->114.207.87.34/162 0x0 None 175.117.69.171/49113->114. +2022-01-01 00:00:00 JuniperSRX_FW4 :<14>Nov 14 05:00:34 Daejeon_FW1 RT_FLOW session closed idle Timeout: 172.20.21.253/3469->172.20.22.193/16694 0x0 icmp 172.20.21.253/3469->172.20.22.193/16694 0x0 N/A N/A N/A N +2022-01-01 00:00:00 JuniperSRX_FW4 :<14>Nov 14 05:00:30 JuniperSRX_FW4 RT_FLOW session closed TCP FIN: 172.20.21.51/64156->172.20.22.254/80 0x0 junos-http 172.20.21.51/64156->172.20.22.254/80 0x0 N/A N/A N/A N/A 6 +2022-01-01 00:00:00 JuniperSRX_FW4 :<14>Nov 14 05:00:29 JuniperSRX_FW4 RT_FLOW session created 172.20.21.51/64157->172.20.22.254/80 0x0 junos-http 172.20.21.51/64157->172.20.22.254/80 0x0 N/A N/A N/A N/A 6 VPN_to_Trust_Bonsa VPN trust 21078 N/A(N/A) st0.2 UNKNOWN UNKNOWN UNKNOWN +2022-01-01 00:00:00 JuniperSRX_FW4 :<14>Nov 14 05:00:29 JuniperSRX_FW4 RT_FLOW session created 172.20.21.51/64156->172.20.22.254/80 0x0 junos-http 172.20.21.51/64156->172.20.22.254/80 0x0 N/A N/A N/A N/A 6 VPN_to_Trust_Bonsa VPN trust 20549 N/A(N/A) st0.2 UNKNOWN UNKNOWN UNKNOWN +2022-01-01 00:00:00 JuniperSRX_FW4 :<14>Nov 14 05:00:24 Daejeon_FW1 RT_FLOW session closed idle Timeout: 172.20.21.253/3469->172.20.22.193/16693 0x0 icmp 172.20.21.253/3469->172.20.22.193/16693 0x0 N/A N/A N/A N +2022-01-01 00:00:00 JuniperSRX_FW4 :<14>Nov 14 05:00:04 Daejeon_FW1 RT_FLOW session closed idle Timeout: 172.20.21.253/3469->172.20.22.193/16691 0x0 icmp 172.20.21.253/3469->172.20.22.193/16691 0x0 N/A N/A N/A N +2022-01-01 00:00:00 JuniperSRX_FW4 :<14>Nov 14 04:59:54 Daejeon_FW1 RT_FLOW session closed idle Timeout: 172.20.21.253/3469->172.20.22.193/16690 0x0 icmp 172.20.21.253/3469->172.20.22.193/16690 0x0 N/A N/A N/A N +2022-01-01 00:00:00 JuniperSRX_FW4 :<14>Nov 14 04:59:42 JuniperSRX_FW4 RT_FLOW session created 172.20.22.239/161->114.207.87.34/162 0x0 None 175.117.69.171/49113->114.207.87.34/162 0x0 source rule source-nat-rule N/A N/A 17 trust_to_Untrust_Internet trust 
untrust 20471 N/A(N/A) reth4.0 UNKNOWN UNKNOWN UNKNOWN
+2022-01-01 00:00:00 JuniperSRX_FW4 :<14>Nov 14 04:59:34 Daejeon_FW1 RT_FLOW session closed idle Timeout: 172.20.21.253/3469->172.20.22.193/16688 0x0 icmp 172.20.21.253/3469->172.20.22.193/16688 0x0 N/A N/A N/A N
+2022-01-01 00:00:00 JuniperSRX_FW4 :<14>Nov 14 04:59:14 Daejeon_FW1 RT_FLOW session closed idle Timeout: 172.20.21.253/3469->172.20.22.193/16686 0x0 icmp 172.20.21.253/3469->172.20.22.193/16686 0x0 N/A N/A N/A N
\ No newline at end of file
diff --git a/Tools/Syslog-cef-data-replicator/Sample Data/syslog_meraki_raw.log b/Tools/Syslog-cef-data-replicator/Sample Data/syslog_meraki_raw.log
new file mode 100644
index 00000000000..2e29147a598
--- /dev/null
+++ b/Tools/Syslog-cef-data-replicator/Sample Data/syslog_meraki_raw.log
@@ -0,0 +1,7 @@
+1377449842.514782056 MX84 ids-alerts : signature=129:4:1 priority=3 timestamp=1377449842.512569 direction=ingress protocol=tcp/ip src=74.125.140.132:80
+1380664994.337961231 MX84 events : type=vpn_connectivity_change vpn_type='site-to-site' peer_contact='98.68.191.209:51856' peer_ident='2814ee002c075181bb1b7478ee073860' connectivity='true'
+1377448470.246576346 MX84 ids-alerts : signature=119:15:1 priority=2 timestamp=1377448470.238064 direction=egress protocol=tcp/ip src=192.168.111.254:56240 signature=1:28423:1 priority=1 timestamp=1468531589.810079 dhost=98:5A:EB:E1:81:2F direction=ingress protocol=tcp/ip src=151.101.52.238:80 dst=192.168.128.2:53023 message: EXPLOIT-KIT Multiple exploit kit single digit exe detection url=http://www.eicar.org/download/eicar.com.txt src=192.168.128.2:53150 dst=188.40.238.250:80 mac=98:5A:EB:E1:81:2F name='EICAR:EICAR_Test_file_not_a_virus-tpd'// 1563249630.774247467 remote_DC1_appliance security_event ids_alerted signature=1:41944:2 priority=1 timestamp=TIMESTAMPEPOCH.647461 dhost=74:86:7A:D9:D7:AA direction=ingress protocol=tcp/ip src=23.6.199.123:80 dst=10.1.10.51:56938 message: BROWSER-IE Microsoft Edge scripting engine security bypass css attempt
+1380653443.857790533 MR18 events : type=device_packet_flood radio='0' state='end' alarm_id='4' reason='left_channel' airmarshal_events type= rogue_ssid_detected ssid='' bssid='02:18:5A:AE:56:00' src='02:18:5A:AE:56:00' dst='02:18:6A:13:09:D0' wired_mac='00:18:0A:AE:56:00' vlan_id='0' channel='157' rssi='21' fc_type='0' fc_subtype='5'
+1380653443.857790533 MS220_8P events : type=8021x_eap_success port='' identity='employee@ikarem.com'
+1374543213.342705328 MX84 urls : src=192.168.1.186:63735 dst=69.58.188.40:80 mac=58:1F:AA:CE:61:F2 request: GET https://...
+1374543986.038687615 MX84 flows : src=192.168.1.186 dst=8.8.8.8 mac=58:1F:AA:CE:61:F2 protocol=udp sport=55719 dport=53 pattern: allow all
diff --git a/Tools/Syslog-cef-data-replicator/pycef.py b/Tools/Syslog-cef-data-replicator/pycef.py new file mode 100644 index 00000000000..a17a814b827 --- /dev/null +++ b/Tools/Syslog-cef-data-replicator/pycef.py 
@@ -0,0 +1,120 @@ +#!/usr/bin/env python + +from __future__ import print_function + +import logging +import re + +# Setup logging null handler +logger = logging.getLogger(__name__) +logger.addHandler(logging.NullHandler()) + + +def parse(str_input): + """ + Parse a string in CEF format and return a dict with the header values + and the extension data. + """ + + # Create the empty dict we'll return later + values = dict() + + # This regex separates the string into the CEF header and the extension + # data. Once we do this, it's easier to use other regexes to parse each + # part. + header_re = r'((CEF:\d+)([^=\\]+\|){,7})(.*)' + + res = re.search(header_re, str_input) + + if res: + header = res.group(1) + extension = res.group(4) + + # Split the header on the "|" char. Uses a negative lookbehind + # assertion to ensure we don't accidentally split on escaped chars, + # though. + spl = re.split(r'(? 6: + values["severity"] = spl[6] + + # The first value is actually the CEF version, formatted like + # "CEF:#". Ignore anything before that (like a date from a syslog message). + # We then split on the colon and use the second value as the + # version number. + cef_start = spl[0].find('CEF') + if cef_start == -1: + return None + (cef, version) = spl[0][cef_start:].split(':') + values["version"] = version + + # The ugly, gnarly regex here finds a single key=value pair, + # taking into account multiple whitespaces, escaped '=' and '|' + # chars. It returns an iterator of tuples. 
+ spl = re.findall(r'([^=\s]+)=((?:[\\]=|[^=])+)(?:\s|$)', extension) + for i in spl: + # Split the tuples and put them into the dictionary + values[i[0]] = i[1] + + # Process custom field labels + for key in list(values.keys()): + # If the key string ends with Label, replace it in the appropriate + # custom field + if key[-5:] == "Label": + customlabel = key[:-5] + # Find the corresponding customfield and replace with the label + for customfield in list(values.keys()): + if customfield == customlabel: + values[values[key]] = values[customfield] + del values[customfield] + del values[key] + else: + # return None if our regex had now output + logger.warning('Could not parse record. Is it valid CEF format?') + return None + + # Now we're done! + logger.debug('Returning values: ' + str(values)) + return values + +###### Main ###### +if __name__ == "__main__": + + import sys + import json + + if len(sys.argv) != 2: + print("USAGE: %s " % sys.argv[0]) + sys.exit(-1) + + file = sys.argv[1] + with open(file, "r") as f: + for line in f.readlines(): + line = line.rstrip('\n') + + # Read the file, and parse each line of CEF into a separate JSON + # document to stdout + try: + values = parse(line) + except (TypeError, ValueError) as e: + sys.stderr.write('{0} parsing line:\n{1}\n'.format(e.message, line)) + else: + if values: + print(json.dumps(values)) + if not values: + print('No output returned, maybe your regex did not match?') \ No newline at end of file diff --git a/Tools/Syslog-cef-data-replicator/pysyslog.py b/Tools/Syslog-cef-data-replicator/pysyslog.py new file mode 100644 index 00000000000..9b20d5e5e0c --- /dev/null +++ b/Tools/Syslog-cef-data-replicator/pysyslog.py 
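Review bot: The `__main__` error handler formats `e.message`, which exceptions do not have under Python 3 (the sibling scripts need Python 3 for `open(..., encoding=...)`), so a `ValueError` from the two-value unpack of `spl[0][cef_start:].split(':')` becomes an `AttributeError` instead of the intended stderr line; `'{0} parsing line:\n{1}\n'.format(e, line)` works on both major versions. The trailing `if not values:` sits after the loop, so it reflects only the last line read and raises `NameError` on an empty file; setting `values = None` before the `with` covers that. pysyslog.py carries the same `__main__` block. Separately, the Label step `values[values[key]] = values[customfield]` lets extension content choose the dictionary key, so a label equal to a header name such as `severity` replaces the parsed header value; a comment or a guard against existing keys is worth adding if anything downstream trusts those fields.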
@@ -0,0 +1,103 @@ +#!/usr/bin/env python + +from __future__ import print_function + +import logging +import re + +# Setup logging null handler +logger = logging.getLogger(__name__) +logger.addHandler(logging.NullHandler()) + + +def parse(str_input): + """ + Parse a string in CEF format and return a dict with the header values + and the extension data. + """ + values = dict() + + + is_starts_with_PRI = re.search("^\<[0-9]+\>", str_input[:10]) + if is_starts_with_PRI: + header_re = r'^\<([0-9]+)\>\s{0,1}(.*)' + res = re.search(header_re, str_input) + values["pri"] = res.group(1) + str_input = res.group(2) + + contains_syslog_version = re.search("^(\d{1})\s(.*)", str_input[:2]) + + if contains_syslog_version: + header_re = r'^(\d{1})\s(.*)' + res = re.search(header_re, str_input) + values["version"] = res.group(1) + str_input = res.group(2) + + contains_datetime_format1 = re.search("^(\w{1,3}\s\d{1,2}\s\d{1,4}[\sT]\d{1,2}\:\d{1,2}\:\d{1,2})",str_input) + contains_datetime_format2 = re.search("^(\d{2}(?:\d{2})?-\d{1,2}-\d{1,2}[\sT]\d{1,2}\:\d{1,2}\:\d{1,2})",str_input) + contains_datetime_format3 = re.search("^(\d{9,13}[\.][\d]{0,10})\s(.*)",str_input) + contains_datetime_format4 = re.search("^(\w{1,3}\s\d{1,2}[\sT]\d{1,2}\:\d{1,2}\:\d{1,2})",str_input) + + # Mar 20 2022 10:00:00 + if contains_datetime_format1: + header_re = r'^(\w{1,3}\s\d{1,2}\s\d{1,4}[\sT]\d{1,2}:\d{1,2}:\d{1,2}(?:\.\d{1,10})?)\s(.*)' + res = re.search(header_re, str_input) + values["ISOTimeStamp"] = res.group(1) + str_input = res.group(2) + # 2022-03-20T10:00:00 + elif contains_datetime_format2: + header_re = r'^(\d{2}(?:\d{2})?-\d{1,2}-\d{1,2}[\sT]\d{1,2}:\d{1,2}:\d{1,2}(?:\.\d{1,10})?Z?)\s(.*)' + res = re.search(header_re, str_input) + values["ISOTimeStamp"] = res.group(1) + str_input = res.group(2) + elif contains_datetime_format3: + header_re = r'^(\d{9,13}[\.][\d]{0,10})\s(.*)' + res = re.search(header_re, str_input) + values["ISOTimeStamp"] = res.group(1) + str_input = res.group(2) + elif 
contains_datetime_format4: + header_re = r'^(\w{1,3}\s\d{1,2}[\sT]\d{1,2}:\d{1,2}:\d{1,2}(?:\.\d{1,10})?)\s(.*)' + res = re.search(header_re, str_input) + values["ISOTimeStamp"] = res.group(1) + str_input = res.group(2) + + contains_hostname = re.search("^([\.\w\-]+)\s(.*)",str_input) + + if contains_hostname: + header_re = r'^([\.\w\-]+)\s(.*)' + res = re.search(header_re, str_input) + values["hostName"] = res.group(1) + values["restofmessage"] = res.group(2) + + + + # Now we're done! + logger.debug('Returning values: ' + str(values)) + return values + + +if __name__ == "__main__": + + import sys + import json + + if len(sys.argv) != 2: + print("USAGE: %s " % sys.argv[0]) + sys.exit(-1) + + file = sys.argv[1] + with open(file, "r") as f: + for line in f.readlines(): + line = line.rstrip('\n') + + # Read the file, and parse each line of CEF into a separate JSON + # document to stdout + try: + values = parse(line) + except (TypeError, ValueError) as e: + sys.stderr.write('{0} parsing line:\n{1}\n'.format(e.message, line)) + else: + if values: + print(json.dumps(values)) + if not values: + print('No output returned, maybe your regex did not match?') \ No newline at end of file diff --git a/Tools/Syslog-cef-data-replicator/syslog.py b/Tools/Syslog-cef-data-replicator/syslog.py new file mode 100644 index 00000000000..9acc9de8f9b --- /dev/null +++ b/Tools/Syslog-cef-data-replicator/syslog.py 
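Review bot: Each timestamp branch in `parse()` probes with one pattern and then extracts with a stricter one, so `res` can be `None` and `res.group(1)` raises `AttributeError`. For instance the format-2 probe matches the prefix of a constructed line like `2022-03-20T10:00:00+09:00 host msg`, but the extraction regex requires whitespace right after the optional fraction and `Z`; formats 1 and 4 fail the same way when nothing follows the timestamp. The `__main__` handler here catches only `(TypeError, ValueError)` and the caller in syslogfromraw.py only `OSError`, so one such line aborts the pass over the file. Running the extraction regex directly and guarding with `if res:` before assigning `values["ISOTimeStamp"]` removes the mismatch. The docstring should also say syslog rather than CEF, and the probe patterns should be raw strings, since `\<` and `\d` in plain literals are invalid escape sequences.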
@@ -0,0 +1,70 @@
+"""
+Remote syslog client.
+
+Works by sending UDP messages to a remote syslog server. The remote server
+must be configured to accept logs from the network.
+
+License: PUBLIC DOMAIN
+Author: Christian Stigen Larsen
+
+For more information, see RFC 3164.
+"""
+
+import socket
+
+class Facility:
+ "Syslog facilities"
+ KERN, USER, MAIL, DAEMON, AUTH, SYSLOG, \
+ LPR, NEWS, UUCP, CRON, AUTHPRIV, FTP = range(12)
+
+ LOCAL0, LOCAL1, LOCAL2, LOCAL3, \
+ LOCAL4, LOCAL5, LOCAL6, LOCAL7 = range(16, 24)
+
+class Level:
+ "Syslog levels"
+ EMERG, ALERT, CRIT, ERR, \
+ WARNING, NOTICE, INFO, DEBUG = range(8)
+
+class Syslog:
+ """A syslog client that logs to a remote server.
+
+ Example:
+ >>> log = Syslog(host="foobar.example")
+ >>> log.send("hello", Level.WARNING)
+ """
+ def __init__(self,
+ host="localhost",
+ port=514,
+ facility=Facility.DAEMON,
+ protocol='UDP'):
+ self.host = host
+ self.port = port
+ self.facility = facility
+ self.protocol = protocol
+ if self.protocol == 'UDP':
+ self.socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+ elif self.protocol == 'TCP':
+ self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ self.socket.connect((self.host, self.port))
+ else:
+ raise Exception('Invalid protocol {}, valid options are UDP and TCP'.format(self.protocol))
+
+ def send(self, message, level=Level.NOTICE):
+ "Send a syslog message to remote host using UDP or TCP"
+ data = "<%d>%s" % (level + self.facility*8, message)
+ if self.protocol == 'UDP':
+ self.socket.sendto(data.encode('utf-8'), (self.host, self.port))
+ else:
+ self.socket.send(data.encode('utf-8'))
+
+ def warn(self, message):
+ "Send a syslog warning message."
+ self.send(message, Level.WARNING)
+
+ def notice(self, message):
+ "Send a syslog notice message."
+ self.send(message, Level.NOTICE)
+
+ def error(self, message):
+ "Send a syslog error message."
+ self.send(message, Level.ERR)
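Review bot: On the TCP path `send()` writes `data.encode('utf-8')` with `socket.send()` and no record delimiter, so a short write can silently truncate a message and consecutive messages run together on the stream; receivers that follow RFC 6587 expect a trailing LF or an octet-count prefix. `self.socket.sendall((data + "\n").encode('utf-8'))` in the `else` branch addresses both. The class also never closes its socket, so a `close()` method would let callers release the connection deterministically. The module docstring still says the client works by sending UDP messages although `protocol='TCP'` is accepted. The same `Syslog` class is pasted into syslogfromcsv.py and syslogfromraw.py, so the change applies there as well.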
diff --git a/Tools/Syslog-cef-data-replicator/syslog_cef_data_replicator.zip b/Tools/Syslog-cef-data-replicator/syslog_cef_data_replicator.zip new file mode 100644 index 00000000000..12702fdd08c Binary files /dev/null and b/Tools/Syslog-cef-data-replicator/syslog_cef_data_replicator.zip differ diff --git a/Tools/Syslog-cef-data-replicator/syslogfromcsv.py b/Tools/Syslog-cef-data-replicator/syslogfromcsv.py new file mode 100644 index 00000000000..6dce7419cd0 --- /dev/null +++ b/Tools/Syslog-cef-data-replicator/syslogfromcsv.py 
@@ -0,0 +1,272 @@ +#from distutils import extension +#from email import header +#from genericpath import exists +import json +import random +#from syslog import Syslog, Level, Facility +import argparse +import datetime +import time +import socket +from multiprocessing import Process +from threading import Thread as worker + + + +class Facility: + "Syslog facilities" + KERN, USER, MAIL, DAEMON, AUTH, SYSLOG, \ + LPR, NEWS, UUCP, CRON, AUTHPRIV, FTP = range(12) + + LOCAL0, LOCAL1, LOCAL2, LOCAL3, \ + LOCAL4, LOCAL5, LOCAL6, LOCAL7 = range(16, 24) + +class Level: + "Syslog levels" + EMERG, ALERT, CRIT, ERR, \ + WARNING, NOTICE, INFO, DEBUG = range(8) + +class Syslog: + """A syslog client that logs to a remote server. + + Example: + >>> log = Syslog(host="foobar.example") + >>> log.send("hello", Level.WARNING) + """ + def __init__(self, + host="localhost", + port=514, + facility=Facility.DAEMON, + protocol='TCP'): + self.host = host + self.port = port + self.facility = facility + self.protocol = protocol + if self.protocol == 'UDP': + self.socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + elif self.protocol == 'TCP': + self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + self.socket.connect((self.host, self.port)) + else: + raise Exception('Invalid protocol {}, valid options are UDP and TCP'.format(self.protocol)) + + def send(self, message, level=Level.NOTICE): + "Send a syslog message to remote host using UDP or TCP" + data = "<%d>%s" % (level + self.facility*8, message) + if self.protocol == 'UDP': + self.socket.sendto(data.encode('utf-8'), (self.host, self.port)) + else: + self.socket.send(data.encode('utf-8')) + + def warn(self, message): + "Send a syslog warning message." + self.send(message, Level.WARNING) + + def notice(self, message): + "Send a syslog notice message." + self.send(message, Level.NOTICE) + + def error(self, message): + "Send a syslog error message." 
+ self.send(message, Level.ERR) + + +def build_custom_extension(schemaSampledata,complete_header, extensions): + # Prepare CEF Extensions + # print(schemaSampledata, extensions) + try: + for field in complete_header: + if field in schemaSampledata["customizations"].keys(): + #print (schemaSampledata["customizations"][field]["values"]) + if schemaSampledata["customizations"][field]["data_type"] == "datetime" and schemaSampledata["customizations"][field]["values"] == ["current"]: + if schemaSampledata["customizations"][field]["format"] == "epoch": + val = datetime.datetime.utcnow().timestamp() + elif schemaSampledata["customizations"][field]["format"] == "epochmilliseconds": + val = datetime.datetime.utcnow().timestamp() * 1000 + else: + val = datetime.datetime.utcnow().strftime(schemaSampledata["customizations"][field]["format"]) + extensions[field] = ("{}{}{}".format(field, KVDelimiter, val )) + else: + extensions[field] = ("{}{}{}".format(field, KVDelimiter, random.choice(schemaSampledata["customizations"][field]["values"]))) + return extensions + except (KeyError, TypeError): + return {'version': 'version=0', 'deviceVendor': 'deviceVendor=Fortinet', 'deviceProduct': 'deviceProduct=Fortigate', 'deviceVersion': 'deviceVersion=19', 'signatureId': 'signatureId=3.5.4.3', 'name': 'name=Phishing', 'severity': 'severity=4', 'externalId': 'externalId=1499', 'lastActivityTime': 'lastActivityTime=2016-05-03 23:42:54+00', 'src': 'src=32.3.4.22.11', 'dst': 'dst=119.67.82.9', 'src_hostname': 'src_hostname=fortinet3242N', 'dst_hostname': 'dst_hostname=google.com', 'src_username': 'src_username=hjrkd', 'dst_username': 'dst_username=dkedd', 'dst_email_id': 'dst_email_id=jkss@hfjfk.com', 'startTime': 'startTime=2019-05-03 23:42:54+00', 'url': 'url=http://greatfilesarey.asia/QA/files_to_pcaps/74280968a4917da52b5555351eeda969.bin http://greatfilesarey.asia/QA/files_to_pcaps/1813791bcecf3a3af699337723a30882.bin', 'fileHash': 'fileHash=bce00351cfc559afec5beb90ea387b03788e4af5', 
'fileType': 'fileType=PE32', 'malwareCategory': 'malwareCategory=Trojan_Generic', 'malwareSeverity': 'malwareSeverity=0.87', 'dst_country': 'dst_country=SLNK'} + +def post_syslog(msg, hostname): + #print(msg) + log = Syslog(host=hostname) + log.send(msg,Level.INFO) + + + +#print (random.choice(schemaSampledata["CEFHeader"]["name"]["values"])) + +# Read header from sample data +def read_csv_header_sampledata(filename): + try: + with open(filename, 'r', encoding="utf8") as csv_file: + lines = csv_file.readlines() + headers = [i.strip() for i in lines[0].split(',')] + return headers + except OSError as e: + print("Make sure file exists with at least header, taking default header",e) + return ['externalId', 'lastActivityTime', 'src', 'dst', 'src_hostname', 'dst_hostname', 'src_username', 'dst_username', 'dst_email_id', 'startTime', 'url', 'fileHash', 'fileType', 'malwareCategory', 'malwareSeverity', 'dst_country'] + + + +def get_kv_pairs_csv(headers, record): + extensions1 = {} + values = [i.strip() for i in record.split(',')] + #headers_ext = [i for i in headers if i not in cef_header_fields] + for i,field in enumerate(headers): + #if not(field in cef_header_fields): + extensions1[field] = ("{}{}{}".format(headers[i],KVDelimiter,values[i])) + return extensions1 + + + +def syslog_message_format(args,schemaSampledata,extenstion_data): + return_message = "" + try: + if str(args.eventtype).lower() == 'cef': + cef_header = {} + cef_ext = {} + template = 'CEF:{version}|{deviceVendor}|{deviceProduct}|{deviceVersion}|{signatureId}|{name}|{severity}|{extenstion_data}' + cef_header_fields = ['name', 'deviceVendor', 'deviceProduct', 'signatureId', 'version', 'deviceVersion', 'severity'] + cef_header_fields_dummy = {'version': '0', 'deviceVendor': 'CEF Vendor','deviceProduct': 'CEF Product','deviceVersion': 'CEF Version','signatureId': 'CEF Sig','name': 'CEF Attack Name','severity': 'CEF SEV'} + for field in cef_header_fields: + if field in extenstion_data: + cef_header[field] = 
extenstion_data[field].split("=")[1] + else: + cef_header[field] = cef_header_fields_dummy[field] + + for field in extenstion_data: + if not(field in cef_header_fields): + cef_ext[field] = extenstion_data[field] + #print(cef_header) + prefixes = cef_header + return_message = template.format(extenstion_data=' '.join(cef_ext.values()), **prefixes) + elif str(args.eventtype).lower() == 'syslog': + #print("HEEEEEEEEEEEEEEEEEEEEREEEEEEEEEEEEEEEE") + syslog_header = {} + syslog_ext = {} + #template = '<{priority}>{version} {ISOTimeStamp} {hostName} {application} {pid} {messageId} {structured_data} {message}' + template = schemaSampledata["SyslogMessage"]["syslog_message_template"]["values"] + syslog_header_fields = schemaSampledata["SyslogMessage"]["syslog_header_fields"]["values"] + KVDelimiter = schemaSampledata["SyslogMessage"]["KVDelimiter"]["values"] + fieldDelimiter = schemaSampledata["SyslogMessage"]["fieldDelimiter"]["values"] + syslog_header_fields_dummy = {'priority': '139', 'version': '1','ISOTimeStamp': '2022-03-31 11:59:59','hostName': 'SYSLOG_Host','application': 'SYSLOG_App', 'pid': 'process','messageId': '1234'} + #print(extenstion_data) + for field in syslog_header_fields: + if field in extenstion_data: + syslog_header[field] = extenstion_data[field].split(KVDelimiter)[1] + else: + syslog_header[field] = syslog_header_fields_dummy[field] + #print(syslog_header) + for field in extenstion_data: + if not(field in syslog_header_fields): + syslog_ext[field] = extenstion_data[field] + #print(syslog_ext) + prefixes = syslog_header + return_message = template.format(structured_data=fieldDelimiter.join(syslog_ext.values()),message='', **prefixes) + post_syslog(return_message, hostname=args.host) + except Exception as e: + print(" syslog_message_format Exception {}",str(e)) + + +def build_message_csv(args, headers): + #print ("I am here") + try: + with open(args.input_file, 'r', encoding="utf8") as csv_file: + lines = csv_file.readlines() + if len(lines) > 1: + 
for record in lines[1:]: + extenstion_data = get_kv_pairs_csv(headers,record.strip()) + #print(extenstion_data) + #cef_header = get_cef_header(headers,record.strip()) + #print(cef_header) + if schemaSampledata != "NULL": + #print("HEEEEEEEEEEEEEEEE") + extenstion_data = build_custom_extension(schemaSampledata,complete_header=headers, extensions=extenstion_data) + #cef_header = get_cef_header(headers,record.strip()) + #print (extenstion_data) + syslog_message_format(args,schemaSampledata,extenstion_data) + else: + extenstion_data = build_custom_extension(schemaSampledata,complete_header=headers, extensions={}) + syslog_message_format(args,schemaSampledata,extenstion_data) + + #print (extenstion_data) + except OSError as e: + print("Make sure input file exists with the header and try again. For now taking default sample event") + extenstion_data = build_custom_extension(schemaSampledata, complete_header=headers, extensions={}) + syslog_message_format(args,schemaSampledata,extenstion_data) + + + +if __name__ == '__main__': + parser = argparse.ArgumentParser(description='Syslog and CEF builder and replayer') + parser.add_argument('input_file', metavar='DEFINITION_FILE', type=str, help='file containing sample events') + parser.add_argument('--cust_file', metavar='EVENT_CUSTOMIZATIONS_FILE', type=str, default="None", help='Customizations defined here') + parser.add_argument('--host', type=str, default='localhost', help='Syslog destination address') + parser.add_argument('--port', type=int, default=514, help='Syslog destination port') + parser.add_argument('--eventtype', type=str, default='CEF', help='CEF or Syslog') + parser.add_argument('--eventcount', type=int, default=200, help='Max events') + + args = parser.parse_args() + + """ + #args = [] + input_file = "C:\\Repositories\\Anki-Playground\\CEFReplicator\\syslog_meraki_raw.log" + cust_file = "fortigate_customizations.json" + host = "138.91.95.213" + port = 514 + eventtype = "CEF" + fileformat = "kvpair" + eventcount 
= 100 + """ + schemaSampledata = "NULL" + headers = read_csv_header_sampledata(args.input_file) + + try: + if args.cust_file != "None": + with open(args.cust_file, 'r') as json_file: + schemaSampledata = json.load(json_file) + else: + print("No customization requirements provided. Skipping customizations") + except OSError as e: + print("Make sure input file exists with the required customizations and try again {}",e.errno) + + try: + KVDelimiter = schemaSampledata["SyslogMessage"]["KVDelimiter"]["values"] + except KeyError: + KVDelimiter = "=" + print("Customization vaules not available takig default") + + #print(schemaSampledata) + + if args.eventtype != 'syslog': + KVDelimiter = "=" + + now = datetime.datetime.now() + + + for i in range(1,100000000000000000000): + time_diff = (datetime.datetime.now() - now).total_seconds() + eps = i / (time_diff if time_diff > 0 else 1) + if eps > args.eventcount: + time.sleep(1) + #now = datetime.datetime.now() + else: + #build_message_csv(args,headers) + p = worker(target=build_message_csv, args=(args,headers)) + p.start() + p.join() + print ("Sent {} messages till with eps {} ".format(i,eps)) + """ + for i in range(1,args.eventcount): + p = worker(target=build_message_csv, args=(args,headers)) + p.start() + p.join() + """ + #print (extenstion_data) + #168.61.69.216 \ No newline at end of file diff --git a/Tools/Syslog-cef-data-replicator/syslogfromraw.py b/Tools/Syslog-cef-data-replicator/syslogfromraw.py new file mode 100644 index 00000000000..c9eb58e93c0 --- /dev/null +++ b/Tools/Syslog-cef-data-replicator/syslogfromraw.py 
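Review bot: `post_syslog()` builds a new `Syslog(host=hostname)` for every message, which with this file's `protocol='TCP'` default opens a fresh connection each time, leaves closing it to garbage collection, and always targets port 514, because the parsed `--port` argument is never passed on. Under the effectively unbounded `for i in range(1,100000000000000000000)` loop that connection churn can exhaust ephemeral ports on the sender or connection slots on the collector. Creating one client in `__main__` with `Syslog(host=args.host, port=args.port)` and handing it to `post_syslog` fixes both. `get_kv_pairs_csv` also indexes `values[i]` for every header, so a record with fewer fields raises `IndexError`, which the `except OSError` in `build_message_csv` does not cover. The disabled blocks near the end leave a developer workstation path and hard-coded public IP addresses in the file; those are better removed before merge.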
@@ -0,0 +1,252 @@ +import json +import random +import argparse +import re +import datetime +from threading import Thread as worker +import pycef +import pysyslog +import shlex +import time +import socket + +def build_custom_extension_for_raw(schemaSampledata,complete_header, extensions): + try: + for field in complete_header: + if field in schemaSampledata["customizations"].keys(): + #print (schemaSampledata["customizations"][field]["values"]) + if schemaSampledata["customizations"][field]["data_type"] == "datetime" and schemaSampledata["customizations"][field]["values"] == ["current"]: + if schemaSampledata["customizations"][field]["format"] == "epoch": + val = datetime.datetime.utcnow().timestamp() + elif schemaSampledata["customizations"][field]["format"] == "epochmilliseconds": + val = datetime.datetime.utcnow().timestamp() * 1000 + else: + val = datetime.datetime.utcnow().strftime(schemaSampledata["customizations"][field]["format"]) + extensions[field] = val + else: + extensions[field] = random.choice(schemaSampledata["customizations"][field]["values"]) + return extensions + except (KeyError, TypeError): + return {'version': 'version=0', 'deviceVendor': 'deviceVendor=Fortinet', 'deviceProduct': 'deviceProduct=Fortigate', 'deviceVersion': 'deviceVersion=19', 'signatureId': 'signatureId=3.5.4.3', 'name': 'name=Phishing', 'severity': 'severity=4', 'externalId': 'externalId=1499', 'lastActivityTime': 'lastActivityTime=2016-05-03 23:42:54+00', 'src': 'src=32.3.4.22.11', 'dst': 'dst=119.67.82.9', 'src_hostname': 'src_hostname=fortinet3242N', 'dst_hostname': 'dst_hostname=google.com', 'src_username': 'src_username=hjrkd', 'dst_username': 'dst_username=dkedd', 'dst_email_id': 'dst_email_id=jkss@hfjfk.com', 'startTime': 'startTime=2019-05-03 23:42:54+00', 'url': 'url=http://greatfilesarey.asia/QA/files_to_pcaps/74280968a4917da52b5555351eeda969.bin http://greatfilesarey.asia/QA/files_to_pcaps/1813791bcecf3a3af699337723a30882.bin', 'fileHash': 
'fileHash=bce00351cfc559afec5beb90ea387b03788e4af5', 'fileType': 'fileType=PE32', 'malwareCategory': 'malwareCategory=Trojan_Generic', 'malwareSeverity': 'malwareSeverity=0.87', 'dst_country': 'dst_country=SLNK'} + +# Post to Syslog + +def post_syslog(msg, hostname, facility): + print(msg) + log = Syslog(host=hostname, facility=facility) + log.send(msg,Level.INFO) + + +def syslog_message_format_raw(args,schemaSampledata,extenstion_data): + return_message = "" + try: + if str(args.eventtype).lower() == 'cef': + cef_header = {} + cef_ext = {} + template = 'CEF:{version}|{deviceVendor}|{deviceProduct}|{deviceVersion}|{signatureId}|{name}|{severity}|{extenstion_data}' + cef_header_fields = ['name', 'deviceVendor', 'deviceProduct', 'signatureId', 'version', 'deviceVersion', 'severity'] + cef_header_fields_dummy = {'version': '0', 'deviceVendor': 'CEF Vendor','deviceProduct': 'CEF Product','deviceVersion': 'CEF Version','signatureId': 'CEF Sig','name': 'CEF Attack Name','severity': 'CEF SEV'} + for field in cef_header_fields: + if field in extenstion_data: + cef_header[field] = extenstion_data[field] + else: + cef_header[field] = cef_header_fields_dummy[field] + + for field in extenstion_data: + if not(field in cef_header_fields): + cef_ext[field] = "{}={}".format(field,extenstion_data[field]) + prefixes = cef_header + return_message = template.format(extenstion_data=' '.join(cef_ext.values()), **prefixes) + #print (return_message) + elif str(args.eventtype).lower() == 'syslog': + syslog_header = {} + syslog_ext = {} + template = "{hostName} {restofmessage}" + syslog_header_fields = ['priority', 'version', 'ISOTimeStamp', 'hostName', 'restofmessage'] + syslog_header_fields_dummy = {'priority': '139', 'version': '1','ISOTimeStamp': datetime.datetime.now(),'hostName': 'SYSLOG_Host','application': 'SYSLOG_App', 'pid': 'process','messageId': '1234'} + + for field in syslog_header_fields: + if field in extenstion_data: + syslog_header[field] = extenstion_data[field] + else: + 
syslog_header[field] = syslog_header_fields_dummy[field] + + for field in extenstion_data: + if not(field in syslog_header_fields): + syslog_ext[field] = ("{}{}{}".format(field,KVDelimiter,extenstion_data[field])) + + prefixes = syslog_header + return_message = template.format(priority=syslog_header['priority'], version=syslog_header['version'],ISOTimeStamp=syslog_header['ISOTimeStamp'],hostName=syslog_header['hostName'],restofmessage=syslog_header['restofmessage'] ) + post_syslog(return_message, hostname=args.host, facility=args.facility) + except Exception as e: + print("syslog_message_format_raw Exception {}",str(e)) + +def get_dict_for_syslog_message(messge): + exten = {x: y for x, y in map(lambda x: x.split('='), shlex.split(messge))} + + +def build_message_from_raw(args,num): + headers = [] + try: + with open(args.input_file, 'r', encoding="utf8") as log_file: + lines = log_file.readlines() + if len(lines) >= 1: + for record in lines: + #print(record) + if str(args.eventtype).lower() == 'syslog': + extenstion_data = pysyslog.parse(record) + if str(args.eventtype).lower() == 'cef': + extenstion_data = pycef.parse(record) + headers = list(extenstion_data.keys()) + + if schemaSampledata != "NULL": + extenstion_data = build_custom_extension_for_raw(schemaSampledata,complete_header=headers, extensions=extenstion_data) + syslog_message_format_raw(args,schemaSampledata,extenstion_data) + else: + extenstion_data = build_custom_extension_for_raw(schemaSampledata,complete_header=headers, extensions={}) + syslog_message_format_raw(args,schemaSampledata,extenstion_data) + + + except OSError as e: + print("Make sure input file exists with the header and try again. 
For now taking default sample event") + extenstion_data = build_custom_extension_for_raw(schemaSampledata, complete_header=headers, extensions={}) + syslog_message_format_raw(args,schemaSampledata,extenstion_data) + + +# Building Syslog + +def read_keys_sampledata(line): + keys_bucket = [] + cefextdata = {} + try: + kvsearch = re.search("CEF:([0-9]\|[\w\s.\|]+)\|(.*)", line, re.IGNORECASE) + if kvsearch: + cef_header = kvsearch.group(1) + kvpairs = kvsearch.group(2) + print(cef_header) + print(kvpairs) + res =1 + while res: + res = re.search("([0-9a-zA-Z]+)=(.*)", kvpairs, re.IGNORECASE) + if res: + key = res.group(1) + kvpairs = res.group(2) + keys_bucket.append(key) + cefextdata[key] = kvpairs + headers = set(keys_bucket) + print(cefextdata) + return headers + except OSError as e: + print("Make sure file exists with at least header, taking default header",e) + return ['externalId', 'lastActivityTime', 'src', 'dst', 'src_hostname', 'dst_hostname', 'src_username', 'dst_username', 'dst_email_id', 'startTime', 'url', 'fileHash', 'fileType', 'malwareCategory', 'malwareSeverity', 'dst_country'] +class Facility: + "Syslog facilities" + KERN, USER, MAIL, DAEMON, AUTH, SYSLOG, \ + LPR, NEWS, UUCP, CRON, AUTHPRIV, FTP = range(12) + + LOCAL0, LOCAL1, LOCAL2, LOCAL3, \ + LOCAL4, LOCAL5, LOCAL6, LOCAL7 = range(16, 24) + +class Level: + "Syslog levels" + EMERG, ALERT, CRIT, ERR, \ + WARNING, NOTICE, INFO, DEBUG = range(8) + +class Syslog: + """A syslog client that logs to a remote server. 
+ + Example: + >>> log = Syslog(host="foobar.example") + >>> log.send("hello", Level.WARNING) + """ + def __init__(self, + host="localhost", + port=514, + facility=Facility.DAEMON, + protocol='UDP'): + self.host = host + self.port = port + self.facility = facility + self.protocol = protocol + if self.protocol == 'UDP': + self.socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + elif self.protocol == 'TCP': + self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + self.socket.connect((self.host, self.port)) + else: + raise Exception('Invalid protocol {}, valid options are UDP and TCP'.format(self.protocol)) + + def send(self, message, level=Level.NOTICE): + "Send a syslog message to remote host using UDP or TCP" + data = "<%d>%s" % (level + self.facility*8, message) + if self.protocol == 'UDP': + self.socket.sendto(data.encode('utf-8'), (self.host, self.port)) + else: + self.socket.send(data.encode('utf-8')) + + def warn(self, message): + "Send a syslog warning message." + self.send(message, Level.WARNING) + + def notice(self, message): + "Send a syslog notice message." + self.send(message, Level.NOTICE) + + def error(self, message): + "Send a syslog error message." 
+ self.send(message, Level.ERR) + + + +if __name__ == '__main__': + parser = argparse.ArgumentParser(description='Syslog and CEF builder and replayer') + parser.add_argument('input_file', metavar='DEFINITION_FILE', type=str, help='file containing sample events') + parser.add_argument('--cust_file', metavar='EVENT_CUSTOMIZATIONS_FILE', type=str, default="None", help='Customizations defined here') + parser.add_argument('--host', type=str, default='localhost', help='Syslog destination address') + parser.add_argument('--facility', type=int, default=5, help='Facility of log messages') + parser.add_argument('--port', type=int, default=514, help='Syslog destination port') + parser.add_argument('--eventtype', type=str, default='CEF', help='CEF or Syslog') + parser.add_argument('--eps', type=int, default=100, help='Max events') + + args = parser.parse_args() + schemaSampledata = "NULL" + with open(args.input_file, 'r', encoding="utf8") as log_file: + lines = log_file.readlines() + record_count = len(lines) + + try: + if args.cust_file != "None": + with open(args.cust_file, 'r') as json_file: + schemaSampledata = json.load(json_file) + else: + print("No customization requirements provided. 
Skipping customizations") + except OSError as e: + print("Make sure input file exists with the required customizations and try again {}",e.errno) + + try: + KVDelimiter = schemaSampledata["SyslogMessage"]["KVDelimiter"]["values"] + except KeyError: + KVDelimiter = "=" + print("Customization vaules not available takig default") + + if args.eventtype != 'syslog': + KVDelimiter = "=" + + now = datetime.datetime.now() + + loop_break = 0 + total_records_sent = 0 + + while not (loop_break): + time_diff = (datetime.datetime.now() - now).total_seconds() + if time_diff >= 9*60: + loop_break = 1 + break + else: + total_records_sent = total_records_sent + record_count + eps = total_records_sent / (time_diff if time_diff > 0 else 1) + if eps > args.eps: + time.sleep(1) + p = worker(target=build_message_from_raw, args=(args,range(1,10))) + p.start() + p.join() \ No newline at end of file
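Review bot: In `build_message_from_raw()` the result of `pycef.parse(record)` is used unchecked, but that function returns `None` for any line that is not valid CEF, so `extenstion_data.keys()` raises `AttributeError`; only `OSError` is caught, and with an `--eventtype` other than CEF or syslog the name is never bound at all. A guard such as `if not extenstion_data: continue` right after parsing, plus rejecting unknown `--eventtype` values at argument parsing, keeps one bad line from ending the pass. `--facility` reaches `Syslog` unvalidated, so values above 23 produce a PRI outside 0–191, and `--port` is again ignored by `post_syslog`. The throttle `if eps > args.eps: time.sleep(1)` has no `else`, so the batch is still sent after the pause and the configured rate is only approximate.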