{"ip":"20.204.42.170","exported_at":"2026-06-18T04:01:39+00:00","period_days":30,"metrics":{"events7d":0,"distinct_ports":0,"distinct_classifications":0,"max_severity":null,"last_sensor_id":"paris-1","max_waf_score":null,"max_risk_score":72,"attack_stage":null,"attack_chain_stage":null,"threat_family":[],"recommended_action":null,"confidence":null,"risk_breakdown":[],"mitre_tactics":[],"mitre_technique":null,"top_mitre_technique":null,"top_mitre_count":null,"executive_one_liner_fr":null,"campaign_hint_fr":null,"confidence_breakdown":[],"persona_hostname":null,"correlation_flags":[],"correlation_flags_labels_fr":[],"confidence_pct":null,"confidence_hint_fr":null,"sensor_role_label_fr":null,"tags_summary_labels_fr":[],"tags_summary":[],"attack_vector":null,"protocol_details":[],"protocol_summary_fr":null,"evidence_snippet":null,"target_port_label":null,"emulator_service":null,"confidence_reason":null,"classification_reason":null,"classification_reason_label_fr":null,"confidence_factors_fr":null,"payload_preview":null},"events":[{"id":7412750,"ip":"20.204.42.170","ts":"2026-05-20 18:45:20.000000","proto":"tcp","src_port":1647,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412747,"ip":"20.204.42.170","ts":"2026-05-20 18:45:19.000000","proto":"tcp","src_port":1641,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412748,"ip":"20.204.42.170","ts":"2026-05-20 18:45:19.000000","proto":"tcp","src_port":1646,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412749,"ip":"20.204.42.170","ts":"2026-05-20 18:45:19.000000","proto":"tcp","src_port":1427,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412744,"ip":"20.204.42.170","ts":"2026-05-20 18:45:18.000000","proto":"tcp","src_port":1645,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412745,"ip":"20.204.42.170","ts":"2026-05-20 18:45:18.000000","proto":"tcp","src_port":1461,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412746,"ip":"20.204.42.170","ts":"2026-05-20 18:45:18.000000","proto":"tcp","src_port":1460,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412741,"ip":"20.204.42.170","ts":"2026-05-20 18:45:17.000000","proto":"tcp","src_port":1642,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412742,"ip":"20.204.42.170","ts":"2026-05-20 18:45:17.000000","proto":"tcp","src_port":1643,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412743,"ip":"20.204.42.170","ts":"2026-05-20 18:45:17.000000","proto":"tcp","src_port":1644,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412738,"ip":"20.204.42.170","ts":"2026-05-20 18:45:16.000000","proto":"tcp","src_port":1634,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412739,"ip":"20.204.42.170","ts":"2026-05-20 18:45:16.000000","proto":"tcp","src_port":1636,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412740,"ip":"20.204.42.170","ts":"2026-05-20 18:45:16.000000","proto":"tcp","src_port":1641,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412736,"ip":"20.204.42.170","ts":"2026-05-20 18:45:15.000000","proto":"tcp","src_port":1412,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412737,"ip":"20.204.42.170","ts":"2026-05-20 18:45:15.000000","proto":"tcp","src_port":1067,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412734,"ip":"20.204.42.170","ts":"2026-05-20 18:45:15.000000","proto":"tcp","src_port":1631,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412735,"ip":"20.204.42.170","ts":"2026-05-20 18:45:15.000000","proto":"tcp","src_port":1632,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412731,"ip":"20.204.42.170","ts":"2026-05-20 18:45:14.000000","proto":"tcp","src_port":1629,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412733,"ip":"20.204.42.170","ts":"2026-05-20 18:45:14.000000","proto":"tcp","src_port":1630,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412727,"ip":"20.204.42.170","ts":"2026-05-20 18:45:13.000000","proto":"tcp","src_port":1626,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412728,"ip":"20.204.42.170","ts":"2026-05-20 18:45:13.000000","proto":"tcp","src_port":1627,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412729,"ip":"20.204.42.170","ts":"2026-05-20 18:45:13.000000","proto":"tcp","src_port":1628,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412730,"ip":"20.204.42.170","ts":"2026-05-20 18:45:13.000000","proto":"tcp","src_port":1469,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412723,"ip":"20.204.42.170","ts":"2026-05-20 18:45:12.000000","proto":"tcp","src_port":1624,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412725,"ip":"20.204.42.170","ts":"2026-05-20 18:45:12.000000","proto":"tcp","src_port":1625,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412726,"ip":"20.204.42.170","ts":"2026-05-20 18:45:12.000000","proto":"tcp","src_port":1459,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412720,"ip":"20.204.42.170","ts":"2026-05-20 18:45:11.000000","proto":"tcp","src_port":1412,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412721,"ip":"20.204.42.170","ts":"2026-05-20 18:45:11.000000","proto":"tcp","src_port":1623,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412722,"ip":"20.204.42.170","ts":"2026-05-20 18:45:11.000000","proto":"tcp","src_port":1455,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412716,"ip":"20.204.42.170","ts":"2026-05-20 18:45:10.000000","proto":"tcp","src_port":1048,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412718,"ip":"20.204.42.170","ts":"2026-05-20 18:45:10.000000","proto":"tcp","src_port":1621,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412719,"ip":"20.204.42.170","ts":"2026-05-20 18:45:10.000000","proto":"tcp","src_port":1622,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412713,"ip":"20.204.42.170","ts":"2026-05-20 18:45:09.000000","proto":"tcp","src_port":1452,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412714,"ip":"20.204.42.170","ts":"2026-05-20 18:45:09.000000","proto":"tcp","src_port":1471,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412715,"ip":"20.204.42.170","ts":"2026-05-20 18:45:09.000000","proto":"tcp","src_port":1453,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412709,"ip":"20.204.42.170","ts":"2026-05-20 18:45:08.000000","proto":"tcp","src_port":1457,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412710,"ip":"20.204.42.170","ts":"2026-05-20 18:45:08.000000","proto":"tcp","src_port":1465,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412711,"ip":"20.204.42.170","ts":"2026-05-20 18:45:08.000000","proto":"tcp","src_port":1188,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412712,"ip":"20.204.42.170","ts":"2026-05-20 18:45:08.000000","proto":"tcp","src_port":1620,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412706,"ip":"20.204.42.170","ts":"2026-05-20 18:45:07.000000","proto":"tcp","src_port":1618,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412707,"ip":"20.204.42.170","ts":"2026-05-20 18:45:07.000000","proto":"tcp","src_port":1433,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412708,"ip":"20.204.42.170","ts":"2026-05-20 18:45:07.000000","proto":"tcp","src_port":1619,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412702,"ip":"20.204.42.170","ts":"2026-05-20 18:45:06.000000","proto":"tcp","src_port":1614,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412703,"ip":"20.204.42.170","ts":"2026-05-20 18:45:06.000000","proto":"tcp","src_port":1615,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412704,"ip":"20.204.42.170","ts":"2026-05-20 18:45:06.000000","proto":"tcp","src_port":1617,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412699,"ip":"20.204.42.170","ts":"2026-05-20 18:45:05.000000","proto":"tcp","src_port":1424,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412700,"ip":"20.204.42.170","ts":"2026-05-20 18:45:05.000000","proto":"tcp","src_port":1464,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412701,"ip":"20.204.42.170","ts":"2026-05-20 18:45:05.000000","proto":"tcp","src_port":1467,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412696,"ip":"20.204.42.170","ts":"2026-05-20 18:45:04.000000","proto":"tcp","src_port":1611,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116},{"id":7412697,"ip":"20.204.42.170","ts":"2026-05-20 18:45:04.000000","proto":"tcp","src_port":1613,"dst_port":135,"service":"msrpc","classification":"msrpc","waf_score":null,"waf_tags":null,"http_method":null,"http_target":null,"sensor_id":"paris-1","meta":"{\u0022bytes_in\u0022: 116, \u0022payload_entropy\u0022: 4.051188106860829, \u0022port_category\u0022: \u0022well_known\u0022, \u0022org\u0022: \u0022Microsoft Corporation\u0022, \u0022service\u0022: \u0022msrpc\u0022, \u0022app_proto\u0022: \u0022msrpc\u0022, \u0022asn\u0022: 8075, \u0022country\u0022: \u0022IN\u0022, \u0022tag_count\u0022: 0, \u0022anomaly_count\u0022: 0, \u0022risk_score\u0022: 0, \u0022campaign_key\u0022: \u00224ca75bafedc497ca4fec409b1a394b80b467a571\u0022, \u0022event_fingerprint\u0022: \u0022ee04cb302187f8727d545b1eea4782a6fc19fb64\u0022}","tls_sni":null,"tls_ja3_hash":null,"tls_ja3":null,"http_version":null,"http_host":null,"http_user_agent":null,"http_referer":null,"tags":"[]","anomalies":"[]","severity":0,"bytes_in":116}],"total_events":549}