key "attack_uuid" is "00000000-0000-0000-0000-000000000000"
deivisonmarteleto opened this issue · 1 comments
I was checking the data that fastnetmon saves in mongo, I noticed that the "attack_uuid" key is "00000000-0000-0000-0000-000000000000"
use 1.2.7 (opensource)
{ "_id" : ObjectId("65496f63d3dcccc998064bd1"), "xxxxxxxxx_information_06_11_23_19:57:28" : { "action" : "ban", "alert_scope" : "host", "attack_details" : { "attack_uuid" : "00000000-0000-0000-0000-000000000000", "host_group" : "global", "incoming_dropped_pps" : 0, "incoming_dropped_traffic" : 0, "incoming_dropped_traffic_bits" : 0, "incoming_icmp_pps" : 0, "incoming_icmp_traffic" : 0, "incoming_icmp_traffic_bits" : 0, "incoming_ip_fragmented_pps" : 0, "incoming_ip_fragmented_traffic" : 0, "incoming_ip_fragmented_traffic_bits" : 0, "incoming_syn_tcp_pps" : 134, "incoming_syn_tcp_traffic" : 43872, "incoming_syn_tcp_traffic_bits" : 350976, "incoming_tcp_pps" : 135, "incoming_tcp_traffic" : 43921, "incoming_tcp_traffic_bits" : 351368, "incoming_udp_pps" : 0, "incoming_udp_traffic" : 0, "incoming_udp_traffic_bits" : 0, "outgoing_dropped_pps" : 0, "outgoing_dropped_traffic" : 0, "outgoing_dropped_traffic_bits" : 0, "outgoing_icmp_pps" : 0, "outgoing_icmp_traffic" : 0, "outgoing_icmp_traffic_bits" : 0, "outgoing_ip_fragmented_pps" : 0, "outgoing_ip_fragmented_traffic" : 0, "outgoing_ip_fragmented_traffic_bits" : 0, "outgoing_syn_tcp_pps" : 0, "outgoing_syn_tcp_traffic" : 0, "outgoing_syn_tcp_traffic_bits" : 0, "outgoing_tcp_pps" : 0, "outgoing_tcp_traffic" : 0, "outgoing_tcp_traffic_bits" : 0, "outgoing_udp_pps" : 0, "outgoing_udp_traffic" : 0, "outgoing_udp_traffic_bits" : 0, "protocol_version" : "IPv4", "total_incoming_flows" : 12, "total_incoming_pps" : 135, "total_incoming_traffic" : 43921, "total_incoming_traffic_bits" : 351368, "total_outgoing_flows" : 0, "total_outgoing_pps" : 0, "total_outgoing_traffic" : 0, "total_outgoing_traffic_bits" : 0 }, "ip" : "xxxxxxxxxxxxx" } }
Hello!
Thank you for feedback!
I do not think that we use UUID anywhere for anything meaningful. If you need unique identifier you can use ObjectId().