null, "_source": { "ip_rep": "known attacker", "t-pot_hostname": "massshoemaker", "http_uri": "/", "geoip": { "as_org": "Aljeel Aljadeed for Technology", "timezone": "Africa/Tripoli", "ip": "YYY.YYY.YYY.YYY", "latitude": 25, "country_name": "Libya", "country_code2": "LY", "continent_code": "AF", "country_code3": "LY", "location": { "lon": 17, "lat": 25 }, "asn": 37284, "longitude": 17 }, "t-pot_ip_int": "172.31.26.55", "message": "2018-06-13 16:21:55,148 (glastopf.glastopf) YYY.YYY.YYY.YYY requested GET / on cf9f13d55e26:80", "type": "Glastopf", "src_ip": "YYY.YYY.YYY.YYY", "t-pot_ip_ext": "XXX.XXX.XXX.XXX", "path": "/data/glastopf/log/glastopf.log", "@timestamp": "2018-06-13T16:21:55.148Z", "http_method": "GET", "@version": "1", "host": "83bc2b6ed990", "dest_port": 80 }, "fields": { "@timestamp": [ 1528906915148 ] }, "highlight": { "type": [ "@kibana-highlighted-field@Glastopf@/kibana-highlighted-field @" ] }, "sort": [ 1528906915148 ] }

GlastopfでHTTP攻撃を観察する
GlastopfからElasticsearchへの連携情報
情報が足りない!(連携されるのはメソッド・URI・送信元IPなどで、HTTPヘッダーとPOSTデータは含まれない。)
34