{ "type": "object", "required": [ "alias", "source", "thread_id", "packet_id", "flow_event_id", "flow_event_name", "flow_id", "flow_state", "flow_src_packets_processed", "flow_dst_packets_processed", "flow_first_seen", "flow_src_last_pkt_time", "flow_dst_last_pkt_time", "flow_idle_time", "flow_src_min_l4_payload_len", "flow_dst_min_l4_payload_len", "flow_src_max_l4_payload_len", "flow_dst_max_l4_payload_len", "flow_src_tot_l4_payload_len", "flow_dst_tot_l4_payload_len", "l3_proto", "l4_proto", "midstream", "thread_ts_usec", "src_ip", "dst_ip" ], "if": { "properties": { "flow_event_name": { "enum": [ "new", "end", "idle", "update" ] } } }, "then": { "required": [ "flow_datalink", "flow_max_packets" ] }, "if": { "properties": { "flow_event_name": { "enum": [ "analyse" ] } } }, "then": { "required": [ "data_analysis" ] }, "if": { "properties": { "flow_state": { "enum": [ "finished" ] } } }, "then": { "required": [ "ndpi" ] }, "if": { "properties": { "flow_event_name": { "enum": [ "guessed", "detected", "detection-update", "not-detected" ] } } }, "then": { "required": [ "ndpi" ] }, "properties": { "alias": { "type": "string" }, "uuid": { "type": "string" }, "source": { "type": "string" }, "thread_id": { "type": "number", "minimum": 0, "maximum": 31 }, "packet_id": { "type": "number", "minimum": 0 }, "vlan_id": { "type": "number", "minimum": 0, "maximum": 4095 }, "flow_event_id": { "type": "number", "minimum": 0, "maximum": 9 }, "flow_event_name": { "type": "string", "enum": [ "invalid", "new", "end", "idle", "update", "analyse", "guessed", "detected", "detection-update", "not-detected" ] }, "flow_id": { "type": "number", "minimum": 1 }, "flow_state": { "type": "string", "enum": [ "finished", "info" ] }, "flow_datalink": { "type": "number", "minimum": 0, "maximum": 292 }, "flow_src_packets_processed": { "type": "number", "minimum": 0 }, "flow_dst_packets_processed": { "type": "number", "minimum": 0 }, "flow_max_packets": { "type": "number", "minimum": 0 }, "flow_first_seen": { "type": "number", "minimum": 0 }, "flow_src_last_pkt_time": { "type": "number", "minimum": 0 }, "flow_dst_last_pkt_time": { "type": "number", "minimum": 0 }, "flow_idle_time": { "type": "number", "minimum": 1 }, "flow_src_min_l4_payload_len": { "type": "number", "minimum": 0 }, "flow_dst_min_l4_payload_len": { "type": "number", "minimum": 0 }, "flow_src_max_l4_payload_len": { "type": "number", "minimum": 0 }, "flow_dst_max_l4_payload_len": { "type": "number", "minimum": 0 }, "flow_src_tot_l4_payload_len": { "type": "number", "minimum": 0 }, "flow_dst_tot_l4_payload_len": { "type": "number", "minimum": 0 }, "l3_proto": { "type": "string", "enum": [ "ip4", "ip6", "unknown" ] }, "l4_proto": { "oneOf": [ { "type": "number" }, { "type": "string", "enum": [ "tcp", "udp", "icmp", "icmp6" ] } ] }, "midstream": { "type": "number", "minimum": 0, "maximum": 1 }, "thread_ts_usec": { "type": "number", "minimum": 0 }, "src_ip": { "type": "string", "anyOf" : [ { "format": "ipv4" }, { "format": "ipv6" } ] }, "dst_ip": { "type": "string", "anyOf" : [ { "format": "ipv4" }, { "format": "ipv6" } ] }, "src_port": { "type": "number", "minimum": 1, "maximum": 65535 }, "dst_port": { "type": "number", "minimum": 1, "maximum": 65535 }, "ndpi": { "type": "object", "required": [ "proto", "proto_id", "breed", "encrypted" ], "properties": { "proto": { "type": "string" }, "proto_id": { "type": "string" }, "proto_by_ip": { "type": "string" }, "proto_by_ip_id": { "type": "number" }, "stream_content": { "type": "string" }, "category": { "type": "string", "enum": [ "Unspecified", "Media", "VPN", "Email", "DataTransfer", "Web", "SocialNetwork", "Download", "Game", "Chat", "VoIP", "Database", "RemoteAccess", "Cloud", "Network", "Collaborative", "RPC", "Streaming", "System", "SoftwareUpdate", "Music", "Video", "Shopping", "Productivity", "FileSharing", "ConnCheck", "IoT-Scada", "VirtAssistant", "Cybersecurity", "AdultContent", "Mining", "Malware", "Advertisement", "Banned_Site", "Site_Unavailable", "Allowed_Site", "Antimalware", "Crypto_Currency", "Gambling", "Health" ] }, "category_id": { "type": "number" }, "encrypted": { "type": "number", "enum": [ 0, 1 ] }, "breed": { "type": "string", "enum": [ "Safe", "Acceptable", "Fun", "Unsafe", "Potentially Dangerous", "Tracker/Ads", "Dangerous", "Unrated" ] }, "flow_risk": { "type": "object", "properties": { "1": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "XSS Attack" ] }, "severity": { "type": "string", "enum": [ "Severe" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 } }, "additionalProperties": false } }, "additionalProperties": false }, "2": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "SQL Injection" ] }, "severity": { "type": "string", "enum": [ "Severe" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 } }, "additionalProperties": false } }, "additionalProperties": false }, "3": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "RCE Injection" ] }, "severity": { "type": "string", "enum": [ "Severe" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 } }, "additionalProperties": false } }, "additionalProperties": false }, "4": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Binary App Transfer" ] }, "severity": { "type": "string", "enum": [ "Severe" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 } }, "additionalProperties": false } }, "additionalProperties": false }, "5": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Known Proto on Non Std Port" ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 } }, "additionalProperties": false } }, "additionalProperties": false }, "6": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Self-signed Cert" ] }, "severity": { "type": "string", "enum": [ "High" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 } }, "additionalProperties": false } }, "additionalProperties": false }, "7": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Obsolete TLS (v1.1 or older)" ] }, "severity": { "type": "string", "enum": [ "High" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 } }, "additionalProperties": false } }, "additionalProperties": false }, "8": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Weak TLS Cipher" ] }, "severity": { "type": "string", "enum": [ "High" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 } }, "additionalProperties": false } }, "additionalProperties": false }, "9": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "TLS Cert Expired" ] }, "severity": { "type": "string", "enum": [ "High" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 } }, "additionalProperties": false } }, "additionalProperties": false }, "10": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "TLS Cert Mismatch" ] }, "severity": { "type": "string", "enum": [ "High" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 } }, "additionalProperties": false } }, "additionalProperties": false }, "11": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "HTTP Susp User-Agent" ] }, "severity": { "type": "string", "enum": [ "High" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "12": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "HTTP/TLS/QUIC Numeric Hostname/SNI" ] }, "severity": { "type": "string", "enum": [ "Low" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "13": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "HTTP Susp URL" ] }, "severity": { "type": "string", "enum": [ "High" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "14": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "HTTP Susp Header" ] }, "severity": { "type": "string", "enum": [ "High" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "15": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "TLS (probably) Not Carrying HTTPS" ] }, "severity": { "type": "string", "enum": [ "Low" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "16": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Susp DGA Domain name" ] }, "severity": { "type": "string", "enum": [ "High" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "17": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Malformed Packet" ] }, "severity": { "type": "string", "enum": [ "Low" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "18": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "SSH Obsolete Cli Vers/Cipher" ] }, "severity": { "type": "string", "enum": [ "High" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "19": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "SSH Obsolete Ser Vers/Cipher" ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "20": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "SMB Insecure Vers" ] }, "severity": { "type": "string", "enum": [ "High" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "21": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "TLS Susp ESNI Usage" ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "22": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Unsafe Protocol" ] }, "severity": { "type": "string", "enum": [ "Low" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "23": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Susp DNS Traffic" ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "24": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Missing SNI TLS Extn" ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "25": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "HTTP Susp Content" ] }, "severity": { "type": "string", "enum": [ "High" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "26": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Risky ASN" ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "27": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Risky Domain Name" ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "28": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Malicious JA3 Fingerp." ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "29": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Malicious SSL Cert/SHA1 Fingerp." ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "30": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Desktop/File Sharing" ] }, "severity": { "type": "string", "enum": [ "Low" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "31": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Uncommon TLS ALPN" ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "32": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "TLS Cert Validity Too Long" ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "33": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "TLS Susp Extn" ] }, "severity": { "type": "string", "enum": [ "High" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "34": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "TLS Fatal Alert" ] }, "severity": { "type": "string", "enum": [ "Low" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "35": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Susp Entropy" ] }, "severity": { "type": "string", "enum": [ "Low" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "36": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Clear-Text Credentials" ] }, "severity": { "type": "string", "enum": [ "High" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "37": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Large DNS Packet (512+ bytes)" ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "38": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Fragmented DNS Message" ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "39": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Non-Printable/Invalid Chars Detected" ] }, "severity": { "type": "string", "enum": [ "High" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "40": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Possible Exploit Attempt" ] }, "severity": { "type": "string", "enum": [ "Severe" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "41": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "TLS Cert About To Expire" ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "42": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "IDN Domain Name" ] }, "severity": { "type": "string", "enum": [ "Low" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "43": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Error Code" ] }, "severity": { "type": "string", "enum": [ "Low" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "44": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Crawler/Bot" ] }, "severity": { "type": "string", "enum": [ "Low" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "45": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Anonymous Subscriber" ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "46": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Unidirectional Traffic" ] }, "severity": { "type": "string", "enum": [ "Low" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "47": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "HTTP Obsolete Server" ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "48": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Periodic Flow" ] }, "severity": { "type": "string", "enum": [ "Low" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "49": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Minor Issues" ] }, "severity": { "type": "string", "enum": [ "Low" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "50": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "TCP Connection Issues" ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "51": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Fully Encrypted Flow" ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "52": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "ALPN/SNI Mismatch" ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 }, "additionalProperties": false } } }, "additionalProperties": false }, "53": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Client Contacted A Malware Host" ] }, "severity": { "type": "string", "enum": [ "Severe" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 } }, "additionalProperties": false } }, "additionalProperties": false }, "54": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Binary File/Data Transfer (Attempt)" ] }, "severity": { "type": "string", "enum": [ "Medium" ] }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 130 } }, "additionalProperties": false } }, "additionalProperties": false }, "55": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Probing Attempt" ] }, "severity": { "type": "string" }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 10, "maximum": 610 }, "client": { "type": "number", "minimum": 5, "maximum": 485 }, "server": { "type": "number", "minimum": 5, "maximum": 135 }, "additionalProperties": false } } }, "additionalProperties": false }, "56": { "type": "object", "required": [ "risk", "severity", "risk_score" ], "properties": { "risk": { "type": "string", "enum": [ "Obfuscated Traffic" ] }, "severity": { "type": "string" }, "risk_score": { "type": "object", "required": [ "total", "client", "server" ], "properties": { "total": { "type": "number", "minimum": 350, "maximum": 350 }, "client": { "type": "number", "minimum": 235, "maximum": 235 }, "server": { "type": "number", "minimum": 115, "maximum": 115 }, "additionalProperties": false } } }, "additionalProperties": false } }, "additionalProperties": false }, "confidence": { "type": "object", "properties": { "0": { "type": "string", "enum": [ "Unknown" ] }, "1": { "type": "string", "enum": [ "Match by port" ] }, "2": { "type": "string", "enum": [ "nBPF" ] }, "3": { "type": "string", "enum": [ "DPI (partial)" ] }, "4": { "type": "string", "enum": [ "DPI (partial cache)" ] }, "5": { "type": "string", "enum": [ "DPI (cache)" ] }, "6": { "type": "string", "enum": [ "DPI" ] }, "7": { "type": "string", "enum": [ "Match by IP" ] }, "8": { "type": "string", "enum": [ "DPI (aggressive)" ] } }, "additionalProperties": false }, "entropy": { "type": "number" }, "domainame": { "type": "string" }, "hostname": { "type": "string" }, "collectd": { "type": "object" }, "dhcp": { "type": "object" }, "discord": { "type": "object" }, "bittorrent": { "type": "object" }, "mdns": { "type": "object" }, "mikrotik": { "type": "object" }, "natpmp": { "type": "object" }, "ntp": { "type": "object" }, "ubntac2": { "type": "object" }, "kerberos": { "type": "object" }, "telnet": { "type": "object" }, "tls": { "type": "object" }, "quic": { "type": "object" }, "imap": { "type": "object" }, "http": { "type": "object" }, "pop": { "type": "object" }, "smtp": { "type": "object" }, "dns": { "type": "object" }, "ftp": { "type": "object" }, "sip": { "type": "object", "properties": { "from": { "type": "string" }, "to": { "type": "string" } }, "additionalProperties": false }, "snmp": { "type": "object" }, "ssdp": { "type": "object" }, "ssh": { "type": "object" }, "stun": { "type": "object" }, "softether": { "type": "object" }, "tftp": { "type": "object" }, "tivoconnect": { "type": "object" }, "rsh": { "type": "object" } }, "additionalProperties": false }, "data_analysis": { "type": "object", "required": [ "iat", "pktlen", "bins", "directions" ], "properties": { "iat": { "type": "object", "properties": { "min": { "type": "number" }, "avg": { "type": "number" }, "max": { "type": "number" }, "stddev": { "type": "number" }, "var": { "type": "number" }, "ent": { "type": "number" }, "data": { "type": "array", "items": { "type": "number" } } }, "additionalProperties": false }, "pktlen": { "type": "object", "properties": { "min": { "type": "number" }, "avg": { "type": "number" }, "max": { "type": "number" }, "stddev": { "type": "number" }, "var": { "type": "number" }, "ent": { "type": "number" }, "data": { "type": "array", "items": { "type": "number" } } }, "additionalProperties": false }, "bins": { "type": "object", "properties": { "c_to_s": { "type": "array", "items": { "type": "number" } }, "s_to_c": { "type": "array", "items": { "type": "number" } } }, "additionalProperties": false }, "directions": { "type": "array", "items": { "type": "number" } }, "entropies": { "type": "array", "items": { "type": "number" } } }, "additionalProperties": false } }, "additionalProperties": false }