Network Blackbox

Last updated Jan 1, 2024

nbb-contents

Search contents from Quad Miners Network Blackbox.

nbb-contents [profile=PROFILE] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [src-ip=SRC-IP] [src-port=SRC-PORT] [dst-ip=DST-IP] [dst-port=DST-PORT] [md5=MD5] [sha1=SHA1] [sha256=SHA256]
profile=PROFILE
The identifier of the Network Blackbox connect profile.
duration=NUM{mon|w|d|h|m|s}
Scan only recent contents. Use one of the time units s (second), m (minute), h (hour), d (day), w (week), or mon (month). For example, 10s means data from 10 seconds earlier.
from=yyyyMMddHHmmss
Start time of the range, in yyyyMMddHHmmss format. If you omit the time part, it is padded with zeros.
to=yyyyMMddHHmmss
End time of the range, in yyyyMMddHHmmss format. If you omit the time part, it is padded with zeros.
src-ip=SRC-IP
Find by source IP address.
src-port=SRC-PORT
Find by source port.
dst-ip=DST-IP
Find by destination IP address.
dst-port=DST-PORT
Find by destination port.
md5=MD5
Find by MD5 hash.
sha1=SHA1
Find by SHA-1 hash.
sha256=SHA256
Find by SHA-256 hash.
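
Added example (not part of the Network Blackbox documentation): a Python helper that assembles an nbb-contents query from values such as threat-feed hashes, validating each option against the syntax above so that malformed input never reaches the query string. The profile name `nbb1` used in testing, the allowed profile character set, and accepting only 8- or 14-digit timestamps are assumptions of this example.

```python
import ipaddress
import re

# Option grammar taken from the nbb-contents syntax line on this page.
DURATION_RE = re.compile(r"[1-9][0-9]*(mon|w|d|h|m|s)")
HASH_OPTION_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digits
PROFILE_RE = re.compile(r"[A-Za-z0-9_.-]+")  # assumed profile charset


def pad_timestamp(value):
    """Zero-pad a date-only value to yyyyMMddHHmmss, as the command does."""
    if not re.fullmatch(r"[0-9]{8}([0-9]{6})?", value):
        raise ValueError(f"bad timestamp: {value!r}")
    return value.ljust(14, "0")


def hash_option(digest):
    """Pick md5=, sha1= or sha256= from the hex length of an indicator."""
    digest = digest.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", digest) or len(digest) not in HASH_OPTION_BY_LENGTH:
        raise ValueError(f"not an MD5/SHA-1/SHA-256 hex digest: {digest!r}")
    return f"{HASH_OPTION_BY_LENGTH[len(digest)]}={digest}"


def build_query(profile, digest=None, duration=None, start=None, end=None,
                src_ip=None, dst_ip=None, dst_port=None):
    """Return an nbb-contents query string built only from validated values."""
    if not PROFILE_RE.fullmatch(profile):
        raise ValueError(f"bad profile: {profile!r}")
    parts = ["nbb-contents", f"profile={profile}"]
    if duration is not None:
        if not DURATION_RE.fullmatch(duration):
            raise ValueError(f"bad duration: {duration!r}")
        parts.append(f"duration={duration}")
    if start is not None:
        parts.append(f"from={pad_timestamp(start)}")
    if end is not None:
        parts.append(f"to={pad_timestamp(end)}")
    for name, ip in (("src-ip", src_ip), ("dst-ip", dst_ip)):
        if ip is not None:  # ip_address() raises ValueError on bad input
            parts.append(f"{name}={ipaddress.ip_address(ip)}")
    if dst_port is not None:
        if not 0 < int(dst_port) < 65536:
            raise ValueError(f"bad port: {dst_port!r}")
        parts.append(f"dst-port={int(dst_port)}")
    if digest is not None:
        parts.append(hash_option(digest))
    return " ".join(parts)
```
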

Output Fields

| Field | Type | Name | Description |
|---|---|---|---|
| _time | Date | Time | Session created time. |
| profile | String | Connect profile | The identifier of Network Blackbox connect profile |
| device_ip | IP address | Device IP | |
| device_id | Integer | Device ID | e.g. 5900 |
| session_id | Integer | Session ID | e.g. 11807 |
| hash | Long | Hash | Session identifier. e.g. 3742031626 |
| src_ip | IP address | Source IP | |
| src_port | Integer | Source port | |
| dst_ip | IP address | Destination IP | |
| dst_port | Integer | Destination port | |
| host | String | Host | e.g. naver.com |
| category | String | Category | e.g. cloud |
| action | String | Action | e.g. download |
| signature | String | Rule name | |
| detect_rule_names | List | Detected rule names | |
| host_id | Integer | Host ID | |
| extract_rule_id | Integer | Extract rule ID | |
| created | Date | Created at | |
| query | String | Query | Search engine keywords. |
| mail_subject | String | mail_subject | mail_subject |
| mail_from | String | mail_from | mail_from |
| mail_to | String | mail_to | mail_to |
| files | List | Files | uuid, file_name, file_size, file_type_name, md5, sha256 properties. |