The last 50 IDS alarms

DATE HOST Event
2018-09-01 11:01:44.739 SCADACON-Win2k MALWARE-CNC Win.Trojan.Upatre variant outbound connection
- SCADACON-Win2k Previous message repeated 1 times
2018-08-31 08:25:25.907 Desktop-HRDesktop-araju-WinXPSP2 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
2018-08-31 08:25:25.907 Desktop-HRDesktop-araju-WinXPSP2 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
2018-08-31 08:17:45.832 Desktop-AD-2k8 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
2018-08-31 08:17:45.832 Desktop-AD-2k8 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
2018-08-31 08:05:55.078 Desktop-HRDesktop-araju-WinXPSP2 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
2018-08-31 08:05:55.078 Desktop-HRDesktop-araju-WinXPSP2 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
2018-08-31 08:01:54.363 Desktop-HRDesktop-araju-WinXPSP2 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
2018-08-31 08:01:54.363 Desktop-HRDesktop-araju-WinXPSP2 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
- Desktop-HRDesktop-araju-WinXPSP2 Previous message repeated 1 times
2018-08-31 07:58:27.508 Desktop-HRDesktop-araju-WinXPSP2 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
2018-08-31 07:57:57.558 Desktop-HRDesktop-araju-WinXPSP2 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
2018-08-31 07:57:57.558 Desktop-HRDesktop-araju-WinXPSP2 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
2018-08-31 06:18:09.812 DMZ-Apache-FTP-Debian OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
2018-08-31 06:18:09.812 DMZ-Apache-FTP-Debian OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
2018-08-31 05:42:08.192 Desktop-AD-2k8 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
2018-08-31 05:42:08.192 Desktop-AD-2k8 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
2018-08-30 06:31:50.201 DMZ-Apache-Win2k3 SQL url ending in comment characters - possible sql injection attempt
- DMZ-Apache-Win2k3 Previous message repeated 10 times
2018-08-29 11:39:56.087 DMZ-Apache-FTP-Debian OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
2018-08-28 12:50:32.867 overcast SQL 1 = 1 - possible sql injection attempt
2018-08-27 16:03:35.457 wjmccann POLICY-OTHER Adobe ColdFusion admin interface access attempt
- wjmccann Previous message repeated 2 times
2018-08-27 16:03:34.923 wjmccann SERVER-WEBAPP JBoss JMX console access attempt
2018-08-27 16:03:34.635 wjmccann POLICY-OTHER Adobe ColdFusion admin interface access attempt
2018-08-27 01:18:59.897 DMZ-Shop SERVER-WEBAPP JBoss web console access attempt
2018-08-27 01:15:28.202 DMZ-Shop OS-OTHER Bash CGI environment variable injection attempt
- DMZ-Shop Previous message repeated 122 times
2018-08-26 22:37:22.268 Desktop-Win7 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
2018-08-26 22:37:22.268 Desktop-Win7 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
2018-08-26 22:19:40.252 wjmccann POLICY-OTHER Adobe ColdFusion admin interface access attempt
- wjmccann Previous message repeated 1 times
2018-08-26 22:19:39.901 wjmccann SERVER-WEBAPP JBoss JMX console access attempt
2018-08-26 22:19:39.849 wjmccann POLICY-OTHER Adobe ColdFusion admin interface access attempt
- wjmccann Previous message repeated 1 times
2018-08-26 13:29:56.181 wjmccann OS-OTHER Bash CGI environment variable injection attempt
- wjmccann Previous message repeated 66 times
2018-08-26 12:56:50.971 wjmccann SERVER-WEBAPP JBoss JMX console access attempt
2018-08-26 12:56:50.742 wjmccann POLICY-OTHER Adobe ColdFusion component browser access attempt
2018-08-26 12:56:23.903 wjmccann MALWARE-BACKDOOR phpMyAdmin server_sync.php backdoor access attempt
- wjmccann Previous message repeated 3 times
2018-08-26 12:56:19.752 wjmccann SERVER-WEBAPP JBoss web console access attempt
2018-08-26 12:50:42.465 wjmccann SERVER-WEBAPP JBoss JMX console access attempt
2018-08-26 12:49:07.416 wjmccann POLICY-OTHER Adobe ColdFusion admin interface access attempt
- wjmccann Previous message repeated 4 times
2018-08-26 12:46:06.085 wjmccann SQL generic sql with comments injection attempt - GET parameter
- wjmccann Previous message repeated 2 times
2018-08-26 12:44:12.289 wjmccann SERVER-WEBAPP JBoss web console access attempt
2018-08-26 12:44:02.409 wjmccann OS-OTHER Bash CGI environment variable injection attempt
- wjmccann Previous message repeated 60 times
2018-08-25 11:38:32.327 wjmccann POLICY-OTHER Adobe ColdFusion admin interface access attempt
- wjmccann Previous message repeated 4 times
2018-08-25 11:34:30.199 wjmccann SQL generic sql with comments injection attempt - GET parameter
- wjmccann Previous message repeated 2 times
2018-08-25 11:33:36.869 wjmccann SERVER-WEBAPP JBoss web console access attempt
2018-08-25 11:33:26.145 wjmccann OS-OTHER Bash CGI environment variable injection attempt
- wjmccann Previous message repeated 60 times
2018-08-25 10:33:35.507 wjmccann SQL 1 = 1 - possible sql injection attempt
2018-08-25 08:04:43.402 Desktop-Win7 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
2018-08-25 08:04:43.402 Desktop-Win7 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
- Desktop-Win7 Previous message repeated 1 times
2018-08-25 07:51:54.071 Desktop-Win7 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
2018-08-24 22:10:11.797 wjmccann SQL 1 = 1 - possible sql injection attempt
2018-08-24 17:38:37.734 wjmccann SERVER-WEBAPP JBoss JMX console access attempt
2018-08-24 17:38:33.744 wjmccann POLICY-OTHER Adobe ColdFusion admin interface access attempt
- wjmccann Previous message repeated 3 times
2018-08-24 17:38:29.374 wjmccann SERVER-WEBAPP JBoss JMX console access attempt
- wjmccann Previous message repeated 2 times
2018-08-24 17:38:27.93 wjmccann POLICY-OTHER Adobe ColdFusion admin interface access attempt
- wjmccann Previous message repeated 8 times
2018-08-24 17:38:11.776 wjmccann SERVER-WEBAPP JBoss JMX console access attempt
2018-08-24 17:38:10.351 wjmccann POLICY-OTHER Adobe ColdFusion admin interface access attempt
- wjmccann Previous message repeated 10 times
2018-08-24 17:16:59.702 DMZ-Apache-FTP-Debian SERVER-WEBAPP /etc/passwd file access attempt
2018-08-24 08:16:26.577 Desktop-Win7 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
2018-08-24 08:16:26.577 Desktop-Win7 OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
2018-08-23 23:13:32.718 wjmccann SQL 1 = 1 - possible sql injection attempt
2018-08-23 07:16:48.18 DMZ-Apache-FTP-Debian OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt
2018-08-23 07:16:48.18 DMZ-Apache-FTP-Debian OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt
- DMZ-Apache-FTP-Debian Previous message repeated 2 times
2018-08-23 02:38:29.126 Hudson SQL url ending in comment characters - possible sql injection attempt
- Hudson Previous message repeated 9 times
2018-08-23 02:33:44.441 Hudson SQL 1 = 1 - possible sql injection attempt
- Hudson Previous message repeated 3 times
2018-08-23 02:31:27.005 Hudson SQL url ending in comment characters - possible sql injection attempt
- Hudson Previous message repeated 9 times
2018-08-23 02:31:11.267 Hudson SQL 1 = 1 - possible sql injection attempt
- Hudson Previous message repeated 1 times
2018-08-22 10:14:06.613 DMZ-Apache-FTP-Debian SERVER-WEBAPP /etc/passwd file access attempt
2018-08-22 05:06:24.113 DMZ-www1-Debian SERVER-WEBAPP /etc/passwd file access attempt
- DMZ-www1-Debian Previous message repeated 2 times
2018-08-21 05:12:36.816 DMZ-Apache-FTP-Debian SERVER-WEBAPP /etc/passwd file access attempt
2018-08-21 04:39:47.003 overcast SQL 1 = 1 - possible sql injection attempt
- overcast Previous message repeated 3 times
2018-08-20 00:18:44.153 mdeous OS-OTHER Bash CGI environment variable injection attempt
- mdeous Previous message repeated 241 times
2018-08-20 00:17:09.763 mdeous POLICY-OTHER Adobe ColdFusion admin interface access attempt
2018-08-20 00:17:09.761 mdeous OS-OTHER Bash CGI environment variable injection attempt
- mdeous Previous message repeated 141 times
2018-08-20 00:16:18.277 mdeous POLICY-OTHER Adobe ColdFusion admin interface access attempt
2018-08-20 00:16:17.619 mdeous OS-OTHER Bash CGI environment variable injection attempt