ngfcti-alerts
Get alerts from NGFCTI service.
ngfcti-alerts [proxy=PROXY] [from=yyyyMMdd] [raw=t]
- proxy=PROXY
  - Proxy server setting, e.g. IP:PORT. If not specified, feed requests are sent directly without a proxy server.
- from=yyyyMMdd
  - Target date in yyyyMMdd format. If not specified, it is set to the current date.
- raw=t
  - If 't' is specified, output the JSON data to the raw field.
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| _time | Date | Detection time | |
| src_ip | IP address | Source IP address | |
| src_port | Integer | Source port | |
| dst_ip | IP address | Destination IP address | |
| dst_port | Integer | Destination port | |
| src_country | String | Source country | |
| signature | String | Signature | |
| reason | String | Reason | |
| raw_data | String | Raw data | e.g. WAF payload |
| stix_id | String | STIX ID | |
| created | Date | Created | |
| updated | Date | Updated | |