nbb-contents

Search contents from Quad Miners Network Blackbox.

nbb-contents [profile=PROFILE] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [src-ip=SRC-IP] [src-port=SRC-PORT] [dst-ip=DST-IP] [dst-port=DST-PORT] [md5=MD5] [sha1=SHA1] [sha256=SHA256]

profile=PROFILE: The identifier of Network Blackbox connect profile
duration=NUM{mon|w|d|h|m|s}: Scan only recent contents. You should use s(second), m(minute), h(hour), d(day), mon(month) time unit. For example, 10s means data from 10 seconds earlier.
from=yyyyMMddHHmmss: Start time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
to=yyyyMMddHHmmss: End time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
src-ip=SRC-IP: Find by source IP address.
src-port=SRC-PORT: Find by source port.
dst-ip=DST-IP: Find by destination IP address.
dst-port=DST-PORT: Find by destination port.
md5=MD5: Find by MD5 hash.
sha1=SHA1: Find by SHA-1 hash.
sha256=SHA256: Find by SHA-256 hash.

Output Fields

Field	Type	Name	Description
_time	Date	Time	Session created time.
profile	String	Connect profile	The identifier of Network Blackbox connect profile
device_ip	IP address	Device IP
device_id	Integer	Device ID	e.g. 5900
session_id	Integer	Session ID	e.g. 11807
hash	Long	Hash	Session identifier. e.g. 3742031626
src_ip	IP address	Source IP
src_port	Integer	Source port
dst_ip	IP address	Destination IP
dst_port	Integer	Destination port
host	String	Host	e.g. naver.com
category	String	Category	e.g. cloud
action	String	Action	e.g. download
signature	String	Rule name
detect_rule_names	List	Detected rule names
host_id	Integer	Host ID
extract_rule_id	Integer	Extract rule ID
created	Date	Created at
query	String	Query	Search engine keywords.
mail_subject	String	mail_subject	mail_subject
mail_from	String	mail_from	mail_from
mail_to	String	mail_to	mail_to
files	List	Files	uuid, file_name, file_size, file_type_name, md5, sha256 properties.