metron-commits mailing list archives

From mmiklav...@apache.org
Subject [2/5] metron git commit: METRON-1803: Integrate Cypress with Travis (tiborm via mmiklavc) closes apache/metron#1226
Date Fri, 02 Nov 2018 16:22:07 GMT
http://git-wip-us.apache.org/repos/asf/metron/blob/9b6260fd/metron-interface/metron-alerts/cypress/fixtures/search.json
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/cypress/fixtures/search.json b/metron-interface/metron-alerts/cypress/fixtures/search.json
new file mode 100644
index 0000000..e2e03e4
--- /dev/null
+++ b/metron-interface/metron-alerts/cypress/fixtures/search.json
@@ -0,0 +1,5647 @@
+{
+  "total":104593,
+  "results":[
+     {
+        "id":"ad5cc7ea-5954-479f-8589-51f94b1c2f02",
+        "source":{
+           "average":10.0,
+           "max":10.0,
+           "metron_alert":[
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537279364136",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BC",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"44",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537279364122",
+                 "enrichmentjoinbolt:joiner:ts":"1537279364128",
+                 "adapter:geoadapter:begin:ts":"1537279364125",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C98B4",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537279364133",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-14:02:39.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537279364125",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537279364125",
+                 "id":"1899",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537279364130",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537279359000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537279364122",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537279364125",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"45056",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537279364130",
+                 "adapter:threatinteladapter:begin:ts":"1537279364133",
+                 "tcpflags":"***A**S*",
+                 "guid":"c6843745-203c-49e1-80ad-f060eb88c9b1",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537280091506",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BD",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"40",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537280091491",
+                 "enrichmentjoinbolt:joiner:ts":"1537280091498",
+                 "adapter:geoadapter:begin:ts":"1537280091493",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C999D",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537280091503",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-14:14:47.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537280091493",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537280091493",
+                 "id":"1900",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537280091501",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537280087000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537280091491",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537280091493",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"40960",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537280091501",
+                 "adapter:threatinteladapter:begin:ts":"1537280091503",
+                 "tcpflags":"***A****",
+                 "guid":"f6521c0a-7aa9-4fc2-82ef-34c647d793f4",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537280221040",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BC",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"44",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537280221027",
+                 "enrichmentjoinbolt:joiner:ts":"1537280221031",
+                 "adapter:geoadapter:begin:ts":"1537280221029",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C98B4",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537280221037",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-14:16:56.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537280221029",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537280221029",
+                 "id":"1899",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537280221035",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537280216000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537280221027",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537280221029",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"45056",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537280221035",
+                 "adapter:threatinteladapter:begin:ts":"1537280221037",
+                 "tcpflags":"***A**S*",
+                 "guid":"4b1a23db-8040-4639-88ae-83294d45921e",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537280908414",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BD",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"40",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537280908400",
+                 "enrichmentjoinbolt:joiner:ts":"1537280908405",
+                 "adapter:geoadapter:begin:ts":"1537280908403",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C999D",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537280908411",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-14:28:27.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537280908402",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537280908403",
+                 "id":"1900",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537280908407",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537280907000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537280908400",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537280908402",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"40960",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537280908407",
+                 "adapter:threatinteladapter:begin:ts":"1537280908411",
+                 "tcpflags":"***A****",
+                 "guid":"7f8babb8-72d6-4823-824a-0d57035bdfff",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537284816200",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BD",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"40",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537284816186",
+                 "enrichmentjoinbolt:joiner:ts":"1537284816191",
+                 "adapter:geoadapter:begin:ts":"1537284816188",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C999D",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537284816198",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-15:33:35.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537284816188",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537284816189",
+                 "id":"1900",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537284816194",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537284815000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537284816186",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537284816188",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"40960",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537284816194",
+                 "adapter:threatinteladapter:begin:ts":"1537284816196",
+                 "tcpflags":"***A****",
+                 "guid":"007a98c7-4301-44e1-b80d-a35cf5a88019",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537285796807",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BC",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"44",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537285796794",
+                 "enrichmentjoinbolt:joiner:ts":"1537285796799",
+                 "adapter:geoadapter:begin:ts":"1537285796796",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C98B4",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537285796804",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-15:49:52.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537285796796",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537285796796",
+                 "id":"1899",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537285796802",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537285792000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537285796794",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537285796796",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"45056",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537285796802",
+                 "adapter:threatinteladapter:begin:ts":"1537285796804",
+                 "tcpflags":"***A**S*",
+                 "guid":"337b657f-9c48-45a2-b356-0ab08de9f549",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537296522470",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BC",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"44",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537295997966",
+                 "enrichmentjoinbolt:joiner:ts":"1537295997971",
+                 "adapter:geoadapter:begin:ts":"1537295997968",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C98B4",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537296522293",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-18:39:53.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537295997968",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537295997968",
+                 "id":"1899",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537295997973",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537295993000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537295997966",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537295997968",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"45056",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537295997973",
+                 "adapter:threatinteladapter:begin:ts":"1537296522293",
+                 "tcpflags":"***A**S*",
+                 "guid":"0517c267-f7c9-409a-8b8f-40d95254eb2d",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537296937969",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BD",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"40",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537296937958",
+                 "enrichmentjoinbolt:joiner:ts":"1537296937963",
+                 "adapter:geoadapter:begin:ts":"1537296937960",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C999D",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537296937967",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-18:55:33.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537296937960",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537296937960",
+                 "id":"1900",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537296937965",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537296933000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537296937958",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537296937960",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"40960",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537296937965",
+                 "adapter:threatinteladapter:begin:ts":"1537296937967",
+                 "tcpflags":"***A****",
+                 "guid":"f2a6c42c-ec04-4e8e-ae8d-29a7a642b8be",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537297658265",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BC",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"44",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537297658252",
+                 "enrichmentjoinbolt:joiner:ts":"1537297658256",
+                 "adapter:geoadapter:begin:ts":"1537297658254",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C98B4",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537297658261",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-19:07:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537297658254",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537297658254",
+                 "id":"1899",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537297658259",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537297657000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537297658252",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537297658254",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"45056",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537297658259",
+                 "adapter:threatinteladapter:begin:ts":"1537297658261",
+                 "tcpflags":"***A**S*",
+                 "guid":"2f34effe-93dc-41d4-aa04-920c89982f9c",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537297780829",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BC",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"44",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537297780818",
+                 "enrichmentjoinbolt:joiner:ts":"1537297780822",
+                 "adapter:geoadapter:begin:ts":"1537297780820",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C98B4",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537297780827",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-19:09:35.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537297780820",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537297780820",
+                 "id":"1899",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537297780825",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537297775000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537297780818",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537297780820",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"45056",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537297780825",
+                 "adapter:threatinteladapter:begin:ts":"1537297780827",
+                 "tcpflags":"***A**S*",
+                 "guid":"bbbbdb93-fbef-4479-b018-02b92cc88103",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537298899732",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BC",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"44",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537298899713",
+                 "enrichmentjoinbolt:joiner:ts":"1537298899718",
+                 "adapter:geoadapter:begin:ts":"1537298899716",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C98B4",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537298899729",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-19:28:18.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537298899716",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537298899716",
+                 "id":"1899",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537298899720",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537298898000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537298899713",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537298899716",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"45056",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537298899720",
+                 "adapter:threatinteladapter:begin:ts":"1537298899722",
+                 "tcpflags":"***A**S*",
+                 "guid":"5e42b3f7-5baf-48f6-b596-4db3e5e5f30b",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537299378075",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BD",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"40",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537299378057",
+                 "enrichmentjoinbolt:joiner:ts":"1537299378062",
+                 "adapter:geoadapter:begin:ts":"1537299378059",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C999D",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537299378072",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-19:36:17.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537299378059",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537299378059",
+                 "id":"1900",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537299378066",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537299377000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537299378057",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537299378059",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"40960",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537299378066",
+                 "adapter:threatinteladapter:begin:ts":"1537299378072",
+                 "tcpflags":"***A****",
+                 "guid":"d6df0c6a-9e7c-41c9-8ee6-38681225a38c",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537300647845",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BC",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"44",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537300647833",
+                 "enrichmentjoinbolt:joiner:ts":"1537300647837",
+                 "adapter:geoadapter:begin:ts":"1537300647834",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C98B4",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537300647842",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-19:57:26.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537300647834",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537300647834",
+                 "id":"1899",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537300647839",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537300646000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537300647833",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537300647834",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"45056",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537300647839",
+                 "adapter:threatinteladapter:begin:ts":"1537300647842",
+                 "tcpflags":"***A**S*",
+                 "guid":"2f45a7f0-9771-49c3-8eba-bd1f8af8174f",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537301518165",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BC",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"44",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537301518147",
+                 "enrichmentjoinbolt:joiner:ts":"1537301518158",
+                 "adapter:geoadapter:begin:ts":"1537301518149",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C98B4",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537301518163",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-20:11:57.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537301518149",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537301518149",
+                 "id":"1899",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537301518160",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537301517000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537301518147",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537301518149",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"45056",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537301518160",
+                 "adapter:threatinteladapter:begin:ts":"1537301518163",
+                 "tcpflags":"***A**S*",
+                 "guid":"0dd2ce0a-62aa-4800-a7de-ad56d0ed2f41",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537304529055",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BD",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"40",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537304529042",
+                 "enrichmentjoinbolt:joiner:ts":"1537304529048",
+                 "adapter:geoadapter:begin:ts":"1537304529045",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C999D",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537304529053",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-21:02:04.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537304529045",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537304529045",
+                 "id":"1900",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537304529050",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537304524000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537304529042",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537304529045",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"40960",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537304529050",
+                 "adapter:threatinteladapter:begin:ts":"1537304529053",
+                 "tcpflags":"***A****",
+                 "guid":"13760f67-1412-4463-8de3-a74def82c6ed",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537277777169",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BD",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"40",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537277777156",
+                 "enrichmentjoinbolt:joiner:ts":"1537277777161",
+                 "adapter:geoadapter:begin:ts":"1537277777158",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C999D",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537277777165",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-13:36:15.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537277777158",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537277777158",
+                 "id":"1900",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537277777163",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537277775000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537277777156",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537277777158",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"40960",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537277777162",
+                 "adapter:threatinteladapter:begin:ts":"1537277777165",
+                 "tcpflags":"***A****",
+                 "guid":"32c60f70-7a76-4d7b-a943-939a6cea9a3f",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537277957306",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BD",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"40",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537277957293",
+                 "enrichmentjoinbolt:joiner:ts":"1537277957299",
+                 "adapter:geoadapter:begin:ts":"1537277957296",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C999D",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537277957303",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-13:39:16.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537277957296",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537277957296",
+                 "id":"1900",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537277957301",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537277956000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537277957293",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537277957296",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"40960",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537277957301",
+                 "adapter:threatinteladapter:begin:ts":"1537277957303",
+                 "tcpflags":"***A****",
+                 "guid":"7dcf592a-d562-4ac6-92e7-aaea2ee14417",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537277957306",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BD",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"40",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537277957293",
+                 "enrichmentjoinbolt:joiner:ts":"1537277957299",
+                 "adapter:geoadapter:begin:ts":"1537277957296",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C999D",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537277957303",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-13:39:16.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537277957296",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537277957296",
+                 "id":"1900",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537277957301",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537277956000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537277957293",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537277957296",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"40960",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537277957301",
+                 "adapter:threatinteladapter:begin:ts":"1537277957303",
+                 "tcpflags":"***A****",
+                 "guid":"ebe214d5-a0ee-485e-bf39-78e8afde9711",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537281281274",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BD",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"40",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537281281256",
+                 "enrichmentjoinbolt:joiner:ts":"1537281281261",
+                 "adapter:geoadapter:begin:ts":"1537281281258",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C999D",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537281281273",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-14:34:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537281281258",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537281281258",
+                 "id":"1900",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537281281263",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537281277000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537281281256",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537281281258",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"40960",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537281281263",
+                 "adapter:threatinteladapter:begin:ts":"1537281281266",
+                 "tcpflags":"***A****",
+                 "guid":"f4d8a573-e957-4c22-b4e1-b9c657cd911d",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537281652539",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BC",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"44",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537281652526",
+                 "enrichmentjoinbolt:joiner:ts":"1537281652532",
+                 "adapter:geoadapter:begin:ts":"1537281652530",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C98B4",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537281652536",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-14:40:51.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537281652529",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537281652530",
+                 "id":"1899",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537281652534",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537281651000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537281652526",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537281652529",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"45056",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537281652534",
+                 "adapter:threatinteladapter:begin:ts":"1537281652536",
+                 "tcpflags":"***A**S*",
+                 "guid":"c4f85a6b-0ebf-4e89-b212-5e0567788f03",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537281947945",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BD",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"40",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537281947925",
+                 "enrichmentjoinbolt:joiner:ts":"1537281947930",
+                 "adapter:geoadapter:begin:ts":"1537281947927",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C999D",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537281947942",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-14:45:43.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537281947927",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537281947928",
+                 "id":"1900",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537281947932",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537281943000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537281947925",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537281947927",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"40960",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537281947932",
+                 "adapter:threatinteladapter:begin:ts":"1537281947935",
+                 "tcpflags":"***A****",
+                 "guid":"c507d367-4556-41b9-8975-6cfc52b83545",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537282850352",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BC",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"44",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537282850310",
+                 "enrichmentjoinbolt:joiner:ts":"1537282850315",
+                 "adapter:geoadapter:begin:ts":"1537282850312",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C98B4",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537282850350",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-15:00:45.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537282850312",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537282850313",
+                 "id":"1899",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537282850317",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537282845000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537282850310",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537282850312",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"45056",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537282850317",
+                 "adapter:threatinteladapter:begin:ts":"1537282850350",
+                 "tcpflags":"***A**S*",
+                 "guid":"78cb2af0-6056-464b-a94a-7d4ccedcc269",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537283450157",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BC",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"44",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537283450144",
+                 "enrichmentjoinbolt:joiner:ts":"1537283450150",
+                 "adapter:geoadapter:begin:ts":"1537283450147",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C98B4",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537283450156",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-15:10:46.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537283450147",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537283450147",
+                 "id":"1899",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537283450153",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537283446000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537283450144",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537283450147",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"45056",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537283450153",
+                 "adapter:threatinteladapter:begin:ts":"1537283450156",
+                 "tcpflags":"***A**S*",
+                 "guid":"67e7927d-bf35-4506-9ce5-8236aea37417",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537296522491",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BD",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"40",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537296158983",
+                 "enrichmentjoinbolt:joiner:ts":"1537296158988",
+                 "adapter:geoadapter:begin:ts":"1537296158985",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C999D",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537296522299",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-18:42:34.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537296158985",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537296158985",
+                 "id":"1900",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537296158990",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537296154000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537296158983",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537296158985",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"40960",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537296158990",
+                 "adapter:threatinteladapter:begin:ts":"1537296522299",
+                 "tcpflags":"***A****",
+                 "guid":"8a851c1a-9f4f-45d1-b06a-c9c0d800f91c",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537296522537",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BC",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"44",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537296487429",
+                 "enrichmentjoinbolt:joiner:ts":"1537296487439",
+                 "adapter:geoadapter:begin:ts":"1537296487432",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C98B4",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537296522318",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-18:48:05.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537296487432",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537296487432",
+                 "id":"1899",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537296487441",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537296485000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537296487429",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537296487432",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"45056",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537296487441",
+                 "adapter:threatinteladapter:begin:ts":"1537296522318",
+                 "tcpflags":"***A**S*",
+                 "guid":"5c9a68d8-16ff-44fe-83a6-9feb0b045125",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537297341824",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BC",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"44",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537297341800",
+                 "enrichmentjoinbolt:joiner:ts":"1537297341805",
+                 "adapter:geoadapter:begin:ts":"1537297341803",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C98B4",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537297341814",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-19:02:17.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537297341803",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537297341803",
+                 "id":"1899",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537297341808",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537297337000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537297341800",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537297341803",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"45056",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537297341808",
+                 "adapter:threatinteladapter:begin:ts":"1537297341811",
+                 "tcpflags":"***A**S*",
+                 "guid":"1767fe9d-d61d-46b5-9cb7-c24b8074ddec",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537297520177",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BD",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"40",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537297520165",
+                 "enrichmentjoinbolt:joiner:ts":"1537297520170",
+                 "adapter:geoadapter:begin:ts":"1537297520167",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C999D",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537297520174",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-19:05:18.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537297520167",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537297520167",
+                 "id":"1900",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537297520172",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537297518000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537297520165",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537297520167",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"40960",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537297520172",
+                 "adapter:threatinteladapter:begin:ts":"1537297520174",
+                 "tcpflags":"***A****",
+                 "guid":"fc5b9a63-0894-4b16-9c5b-76c35cb00757",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537297710682",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BC",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"44",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537297710669",
+                 "enrichmentjoinbolt:joiner:ts":"1537297710674",
+                 "adapter:geoadapter:begin:ts":"1537297710671",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C98B4",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537297710679",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-19:08:29.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537297710671",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537297710671",
+                 "id":"1899",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537297710676",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537297709000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537297710669",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537297710671",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"45056",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537297710676",
+                 "adapter:threatinteladapter:begin:ts":"1537297710679",
+                 "tcpflags":"***A**S*",
+                 "guid":"6b63bfb3-f809-46f0-932e-c22d5071b502",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537298106549",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BC",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"44",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537298106533",
+                 "enrichmentjoinbolt:joiner:ts":"1537298106539",
+                 "adapter:geoadapter:begin:ts":"1537298106536",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C98B4",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537298106547",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-19:15:02.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537298106536",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537298106536",
+                 "id":"1899",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537298106541",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537298102000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537298106533",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537298106536",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"45056",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537298106541",
+                 "adapter:threatinteladapter:begin:ts":"1537298106544",
+                 "tcpflags":"***A**S*",
+                 "guid":"096b5469-6c46-4f54-b0a4-61ffc125d74c",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537300567318",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BD",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"40",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537300567298",
+                 "enrichmentjoinbolt:joiner:ts":"1537300567302",
+                 "adapter:geoadapter:begin:ts":"1537300567300",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C999D",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537300567312",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-19:56:06.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537300567300",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537300567300",
+                 "id":"1900",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537300567306",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537300566000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537300567298",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537300567300",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"40960",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537300567306",
+                 "adapter:threatinteladapter:begin:ts":"1537300567312",
+                 "tcpflags":"***A****",
+                 "guid":"9d84c1f0-2924-439a-abd7-32a4e8c69253",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537300823287",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BD",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"40",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537300823274",
+                 "enrichmentjoinbolt:joiner:ts":"1537300823279",
+                 "adapter:geoadapter:begin:ts":"1537300823276",
+                 "tcpwindow":"0xFAF0",
+                 "threat:triage:rules:0:name":null,
+                 "tcpack":"0x522C999D",
+                 "protocol":"TCP",
+                 "source:type":"snort",
+                 "adapter:threatinteladapter:end:ts":"1537300823285",
+                 "ip_dst_addr":"192.168.138.158",
+                 "original_string":"09/18/18-20:00:22.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+                 "adapter:hostfromjsonlistadapter:end:ts":"1537300823277",
+                 "tos":"0",
+                 "adapter:geoadapter:end:ts":"1537300823276",
+                 "id":"1900",
+                 "enrichments:geo:ip_src_addr:latitude":"48.8582",
+                 "ip_src_addr":"188.165.164.184",
+                 "threatintelsplitterbolt:splitter:end:ts":"1537300823281",
+                 "threat:triage:rules:0:score":10,
+                 "timestamp":1537300822000,
+                 "ethdst":"00:00:00:00:00:00",
+                 "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+                 "threat:triage:rules:0:reason":null,
+                 "enrichmentsplitterbolt:splitter:end:ts":"1537300823274",
+                 "threat:triage:score":10.0,
+                 "is_alert":"true",
+                 "adapter:hostfromjsonlistadapter:begin:ts":"1537300823277",
+                 "enrichments:geo:ip_src_addr:country":"FR",
+                 "ttl":"128",
+                 "metaalerts":[
+                    "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+                 ],
+                 "ethlen":"0x3C",
+                 "iplen":"40960",
+                 "ip_src_port":"80",
+                 "threatintelsplitterbolt:splitter:begin:ts":"1537300823281",
+                 "adapter:threatinteladapter:begin:ts":"1537300823284",
+                 "tcpflags":"***A****",
+                 "guid":"afa4b156-bc2f-4e6f-bf0c-ad03695056e3",
+                 "sig_id":"999158",
+                 "sig_generator":"1"
+              },
+              {
+                 "msg":"'snort test alert'",
+                 "sig_rev":"0",
+                 "ip_dst_port":"49195",
+                 "threatinteljoinbolt:joiner:ts":"1537302847425",
+                 "ethsrc":"00:00:00:00:00:00",
+                 "threat:triage:rules:0:comment":null,
+                 "tcpseq":"0xC88832BC",
+                 "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+                 "dgmlen":"44",
+                 "enrichmentsplitterbolt:splitter:begin:ts":"1537302847413",
+                 "enrichmentjoinbolt:joiner:ts":"1537302847418",
+                 "adapter:geoadapter:begin:ts":"1537302847415",
+              

<TRUNCATED>
