OPTIONAL: LOW: Sandbox Connection Report

DESCRIPTION LAST UPDATED:  2023-12-07

DEFAULT SEVERITY LEVEL: LOW

OPTIONAL REPORT

This is an optional report; you need to explicitly request it.

This report is a summary of all the connections that our Sandbox system saw (filtered for your constituency). Please note this includes scanning attempts from the binaries as well.

Severity levels are described here.

Filename(s): sandbox_conn

Fields

  • timestamp
    Timestamp in UTC+0
  • severity
    Severity level
  • ip
    IP being contacted (destination IP) from the Sandbox
  • asn
    ASN of IP being contacted
  • geo
    Geo (country code) of IP being contacted
  • md5
    MD5 of the binary making the connections
  • protocol
    Which protocol was used to contact the remote IP
  • port
    Port accessed on the remote IP
  • hostname
    Reverse DNS of the IP accessed
  • bytes_in
    Bytes in
  • bytes_out
    Bytes out
  • region
    Region of contacted IP
  • city
    City of contacted IP
  • naics
    North American Industry Classification System Code
  • sector
    Sector of the IP contacted
  • sha1
    SHA1 of the binary making the connections
  • sha256
    SHA256 of the binary making the connections

Sample

"timestamp","severity","ip","asn","geo","md5","protocol","port","hostname","bytes_in","bytes_out","region","city","naics","sector","sha1","sha256"
"2010-02-10 00:00:00",low,192.168.0.1,64512,ZZ,e71ad9f1a5daa04fe2d71497ddb52cf2,tcp,443,node01.example.com,0,0,Region,City,0,"Communications, Service Provider, and Hosting Service",0dd5db512f6ab237df6908f439ef1b82c8e34cc6,ce148d3575cd4114fbf311e65de4985194a405b97fb9089f40829b435c146cc5
"2010-02-10 00:00:01",low,192.168.0.2,64512,ZZ,5b29bfc62ea6f606af861a2ba9d7f37d,tcp,443,node02.example.com,0,0,Region,City,0,"Communications, Service Provider, and Hosting Service",5147e3b07afe33e511a05ecb6b3f7482a9160204,9249ffab91af16234539502160f04f7d5705d85e74618ea3bc7fb5ffc384a390
"2010-02-10 00:00:02",low,192.168.0.3,64512,ZZ,5b29bfc62ea6f606af861a2ba9d7f37d,tcp,443,node03.example.com,0,0,Region,City,0,"Communications, Service Provider, and Hosting Service",5147e3b07afe33e511a05ecb6b3f7482a9160204,9249ffab91af16234539502160f04f7d5705d85e74618ea3bc7fb5ffc384a390
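
The following is an added example, not part of the original report description: one way to load a sandbox_conn file and group the observed connections by sample SHA256, using a real CSV parser because the sector field contains quoted commas. The function name, the rejection of malformed rows, and the sample rows (placeholder hashes, documentation addresses, an empty hostname) are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

FIELDS = ["timestamp", "severity", "ip", "asn", "geo", "md5", "protocol", "port",
          "hostname", "bytes_in", "bytes_out", "region", "city", "naics", "sector",
          "sha1", "sha256"]

# Constructed sample rows (placeholder hashes, RFC 5737 addresses), not real report data.
SAMPLE = "\n".join([
    ",".join('"%s"' % f for f in FIELDS),
    '"2023-12-07 10:00:00",low,192.0.2.10,64512,ZZ,md5-a,tcp,443,node01.example.com,120,900,Region,City,0,"Communications, Service Provider, and Hosting Service",sha1-a,sha256-a',
    '"2023-12-07 10:00:05",low,192.0.2.11,64512,ZZ,md5-a,tcp,445,,0,60,Region,City,0,,sha1-a,sha256-a',
    '"2023-12-07 10:01:00",low,192.0.2.10,64512,ZZ,md5-b,udp,53,node01.example.com,80,40,Region,City,0,"Communications, Service Provider, and Hosting Service",sha1-b,sha256-b',
    '"2023-12-07 10:02:00",low,192.0.2.12,64512,ZZ,md5-b,tcp',  # truncated row
])


def summarize(csv_text):
    """Group connections by sample SHA256; return (summary, rejected_line_numbers)."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if reader.fieldnames != FIELDS:
        raise ValueError("unexpected header: %r" % reader.fieldnames)
    summary = defaultdict(lambda: {"dests": set(), "bytes_in": 0, "bytes_out": 0,
                                   "first_seen": None})
    rejected = []
    for row in reader:
        # Short rows get None values, long rows get a None key: reject both.
        if None in row or None in row.values():
            rejected.append(reader.line_num)
            continue
        try:
            port, b_in, b_out = int(row["port"]), int(row["bytes_in"]), int(row["bytes_out"])
        except ValueError:
            rejected.append(reader.line_num)
            continue
        entry = summary[row["sha256"]]
        entry["dests"].add((row["ip"], row["protocol"], port))
        entry["bytes_in"] += b_in
        entry["bytes_out"] += b_out
        # "YYYY-MM-DD HH:MM:SS" in UTC sorts correctly as a string.
        if entry["first_seen"] is None or row["timestamp"] < entry["first_seen"]:
            entry["first_seen"] = row["timestamp"]
    return dict(summary), rejected
```

Splitting each line on commas would shift the sha1 and sha256 columns on any row whose sector value contains commas, which is why the example relies on the csv module and checks the header before reading rows.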
