### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
zeek_init []
new_connection [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 55767,
        "resp_h": "172.20.10.1",
        "resp_p": 53
      },
      "orig": {
        "size": 42,
        "state": 1,
        "num_pkts": 0,
        "num_bytes_ip": 0,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 0,
        "num_pkts": 0,
        "num_bytes_ip": 0,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.951343,
      "duration": 0,
      "service": [],
      "history": "D",
      "uid": "CHhAvVGS1DHFjwGM9",
      "service_violation": [],
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false
    }
  }
]
dns_message [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 55767,
        "resp_h": "172.20.10.1",
        "resp_p": 53
      },
      "orig": {
        "size": 42,
        "state": 1,
        "num_pkts": 0,
        "num_bytes_ip": 0,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 0,
        "num_pkts": 0,
        "num_bytes_ip": 0,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.951343,
      "duration": 0,
      "service": [],
      "history": "D",
      "uid": "CHhAvVGS1DHFjwGM9",
      "service_violation": [],
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false
    }
  },
  {
    "name": "is_orig",
    "value": true
  },
  {
    "name": "msg",
    "value": {
      "id": 43556,
      "opcode": 0,
      "rcode": 0,
      "QR": false,
      "AA": false,
      "TC": false,
      "RD": true,
      "RA": false,
      "Z": 0,
      "AD": false,
      "CD": false,
      "num_queries": 1,
      "num_answers": 0,
      "num_auth": 0,
      "num_addl": 1
    }
  },
  {
    "name": "len",
    "value": 42
  }
]
dns_request [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 55767,
        "resp_h": "172.20.10.1",
        "resp_p": 53
      },
      "orig": {
        "size": 42,
        "state": 1,
        "num_pkts": 0,
        "num_bytes_ip": 0,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 0,
        "num_pkts": 0,
        "num_bytes_ip": 0,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.951343,
      "duration": 0,
      "service": [],
      "history": "D",
      "uid": "CHhAvVGS1DHFjwGM9",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "dns": {
        "ts": 1630238733.951343,
        "uid": "CHhAvVGS1DHFjwGM9",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 55767,
          "resp_h": "172.20.10.1",
          "resp_p": 53
        },
        "proto": "udp",
        "trans_id": 43556,
        "AA": false,
        "TC": false,
        "RD": false,
        "RA": false,
        "Z": 0,
        "rejected": false,
        "saw_query": false,
        "saw_reply": false
      },
      "dns_state": {
        "pending_query": {
          "ts": 1630238733.951343,
          "uid": "CHhAvVGS1DHFjwGM9",
          "id": {
            "orig_h": "172.20.10.3",
            "orig_p": 55767,
            "resp_h": "172.20.10.1",
            "resp_p": 53
          },
          "proto": "udp",
          "trans_id": 43556,
          "AA": false,
          "TC": false,
          "RD": false,
          "RA": false,
          "Z": 0,
          "rejected": false,
          "saw_query": false,
          "saw_reply": false
        }
      },
      "ftp_data_reuse": false
    }
  },
  {
    "name": "msg",
    "value": {
      "id": 43556,
      "opcode": 0,
      "rcode": 0,
      "QR": false,
      "AA": false,
      "TC": false,
      "RD": true,
      "RA": false,
      "Z": 0,
      "AD": false,
      "CD": false,
      "num_queries": 1,
      "num_answers": 0,
      "num_auth": 0,
      "num_addl": 1
    }
  },
  {
    "name": "query",
    "value": "corelight.com"
  },
  {
    "name": "qtype",
    "value": 1
  },
  {
    "name": "qclass",
    "value": 1
  },
  {
    "name": "original_query",
    "value": "corelight.com"
  }
]
dns_message [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 55767,
        "resp_h": "172.20.10.1",
        "resp_p": 53
      },
      "orig": {
        "size": 42,
        "state": 1,
        "num_pkts": 1,
        "num_bytes_ip": 70,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 74,
        "state": 1,
        "num_pkts": 0,
        "num_bytes_ip": 0,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.951343,
      "duration": 0.03791093826293945,
      "service": [
        "DNS"
      ],
      "history": "Dd",
      "uid": "CHhAvVGS1DHFjwGM9",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "dns": {
        "ts": 1630238733.951343,
        "uid": "CHhAvVGS1DHFjwGM9",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 55767,
          "resp_h": "172.20.10.1",
          "resp_p": 53
        },
        "proto": "udp",
        "trans_id": 43556,
        "query": "corelight.com",
        "qclass": 1,
        "qclass_name": "C_INTERNET",
        "qtype": 1,
        "qtype_name": "A",
        "AA": false,
        "TC": false,
        "RD": true,
        "RA": false,
        "Z": 0,
        "rejected": false,
        "saw_query": true,
        "saw_reply": false
      },
      "dns_state": {
        "pending_query": {
          "ts": 1630238733.951343,
          "uid": "CHhAvVGS1DHFjwGM9",
          "id": {
            "orig_h": "172.20.10.3",
            "orig_p": 55767,
            "resp_h": "172.20.10.1",
            "resp_p": 53
          },
          "proto": "udp",
          "trans_id": 43556,
          "query": "corelight.com",
          "qclass": 1,
          "qclass_name": "C_INTERNET",
          "qtype": 1,
          "qtype_name": "A",
          "AA": false,
          "TC": false,
          "RD": true,
          "RA": false,
          "Z": 0,
          "rejected": false,
          "saw_query": true,
          "saw_reply": false
        }
      },
      "ftp_data_reuse": false
    }
  },
  {
    "name": "is_orig",
    "value": false
  },
  {
    "name": "msg",
    "value": {
      "id": 43556,
      "opcode": 0,
      "rcode": 0,
      "QR": true,
      "AA": false,
      "TC": false,
      "RD": true,
      "RA": true,
      "Z": 0,
      "AD": false,
      "CD": false,
      "num_queries": 1,
      "num_answers": 2,
      "num_auth": 0,
      "num_addl": 1
    }
  },
  {
    "name": "len",
    "value": 74
  }
]
new_connection [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 0,
        "state": 0,
        "num_pkts": 0,
        "num_bytes_ip": 0,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 0,
        "num_pkts": 0,
        "num_bytes_ip": 0,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0,
      "service": [],
      "history": "",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false
    }
  }
]
http_request [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.01784205436706543,
      "service": [
        "HTTP"
      ],
      "history": "ShAD",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false
    }
  },
  {
    "name": "method",
    "value": "GET"
  },
  {
    "name": "original_URI",
    "value": "/"
  },
  {
    "name": "unescaped_URI",
    "value": "/"
  },
  {
    "name": "version",
    "value": "1.1"
  }
]
http_header [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.01784205436706543,
      "service": [
        "HTTP"
      ],
      "history": "ShAD",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "uri": "/",
        "request_body_len": 0,
        "response_body_len": 0,
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "current_entity": {},
        "orig_mime_depth": 1,
        "resp_mime_depth": 0
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "uri": "/",
            "request_body_len": 0,
            "response_body_len": 0,
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "current_entity": {},
            "orig_mime_depth": 1,
            "resp_mime_depth": 0
          }
        },
        "current_request": 1,
        "current_response": 0,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": true
  },
  {
    "name": "original_name",
    "value": "Host"
  },
  {
    "name": "name",
    "value": "HOST"
  },
  {
    "name": "value",
    "value": "corelight.com"
  }
]
http_header [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.01784205436706543,
      "service": [
        "HTTP"
      ],
      "history": "ShAD",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "request_body_len": 0,
        "response_body_len": 0,
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "current_entity": {},
        "orig_mime_depth": 1,
        "resp_mime_depth": 0
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "request_body_len": 0,
            "response_body_len": 0,
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "current_entity": {},
            "orig_mime_depth": 1,
            "resp_mime_depth": 0
          }
        },
        "current_request": 1,
        "current_response": 0,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": true
  },
  {
    "name": "original_name",
    "value": "User-Agent"
  },
  {
    "name": "name",
    "value": "USER-AGENT"
  },
  {
    "name": "value",
    "value": "curl/7.76.1"
  }
]
http_header [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.01784205436706543,
      "service": [
        "HTTP"
      ],
      "history": "ShAD",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "current_entity": {},
        "orig_mime_depth": 1,
        "resp_mime_depth": 0
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "user_agent": "curl/7.76.1",
            "request_body_len": 0,
            "response_body_len": 0,
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "current_entity": {},
            "orig_mime_depth": 1,
            "resp_mime_depth": 0
          }
        },
        "current_request": 1,
        "current_response": 0,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": true
  },
  {
    "name": "original_name",
    "value": "Accept"
  },
  {
    "name": "name",
    "value": "ACCEPT"
  },
  {
    "name": "value",
    "value": "*/*"
  }
]
get_file_handle [
  {
    "name": "tag",
    "value": "Analyzer::ANALYZER_HTTP"
  },
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.01784205436706543,
      "service": [
        "HTTP"
      ],
      "history": "ShAD",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "orig_mime_depth": 1,
        "resp_mime_depth": 0
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "user_agent": "curl/7.76.1",
            "request_body_len": 0,
            "response_body_len": 0,
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "orig_mime_depth": 1,
            "resp_mime_depth": 0
          }
        },
        "current_request": 1,
        "current_response": 0,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": true
  }
]
http_message_done [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.01784205436706543,
      "service": [
        "HTTP"
      ],
      "history": "ShAD",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "orig_mime_depth": 1,
        "resp_mime_depth": 0
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "user_agent": "curl/7.76.1",
            "request_body_len": 0,
            "response_body_len": 0,
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "orig_mime_depth": 1,
            "resp_mime_depth": 0
          }
        },
        "current_request": 1,
        "current_response": 0,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": true
  },
  {
    "name": "stat",
    "value": {
      "start": 1630238734.007674,
      "interrupted": false,
      "finish_msg": "message ends normally",
      "body_length": 0,
      "content_gap_length": 0,
      "header_length": 67
    }
  }
]
http_header [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 241,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 854,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.1940610408782959,
      "service": [
        "HTTP"
      ],
      "history": "ShADad",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "version": "1.1",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "status_code": 301,
        "status_msg": "Moved Permanently",
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "current_entity": {},
        "orig_mime_depth": 1,
        "resp_mime_depth": 1
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "version": "1.1",
            "user_agent": "curl/7.76.1",
            "request_body_len": 0,
            "response_body_len": 0,
            "status_code": 301,
            "status_msg": "Moved Permanently",
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "current_entity": {},
            "orig_mime_depth": 1,
            "resp_mime_depth": 1
          }
        },
        "current_request": 1,
        "current_response": 1,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": false
  },
  {
    "name": "original_name",
    "value": "Date"
  },
  {
    "name": "name",
    "value": "DATE"
  },
  {
    "name": "value",
    "value": "Sun, 29 Aug 2021 12:05:34 GMT"
  }
]
http_header [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 241,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 854,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.1940610408782959,
      "service": [
        "HTTP"
      ],
      "history": "ShADad",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "version": "1.1",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "status_code": 301,
        "status_msg": "Moved Permanently",
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "current_entity": {},
        "orig_mime_depth": 1,
        "resp_mime_depth": 1
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "version": "1.1",
            "user_agent": "curl/7.76.1",
            "request_body_len": 0,
            "response_body_len": 0,
            "status_code": 301,
            "status_msg": "Moved Permanently",
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "current_entity": {},
            "orig_mime_depth": 1,
            "resp_mime_depth": 1
          }
        },
        "current_request": 1,
        "current_response": 1,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": false
  },
  {
    "name": "original_name",
    "value": "Connection"
  },
  {
    "name": "name",
    "value": "CONNECTION"
  },
  {
    "name": "value",
    "value": "keep-alive"
  }
]
http_header [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 241,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 854,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.1940610408782959,
      "service": [
        "HTTP"
      ],
      "history": "ShADad",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "version": "1.1",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "status_code": 301,
        "status_msg": "Moved Permanently",
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "current_entity": {},
        "orig_mime_depth": 1,
        "resp_mime_depth": 1
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "version": "1.1",
            "user_agent": "curl/7.76.1",
            "request_body_len": 0,
            "response_body_len": 0,
            "status_code": 301,
            "status_msg": "Moved Permanently",
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "current_entity": {},
            "orig_mime_depth": 1,
            "resp_mime_depth": 1
          }
        },
        "current_request": 1,
        "current_response": 1,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": false
  },
  {
    "name": "original_name",
    "value": "Location"
  },
  {
    "name": "name",
    "value": "LOCATION"
  },
  {
    "name": "value",
    "value": "https://corelight.com/"
  }
]
http_header [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 241,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 854,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.1940610408782959,
      "service": [
        "HTTP"
      ],
      "history": "ShADad",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "version": "1.1",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "status_code": 301,
        "status_msg": "Moved Permanently",
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "current_entity": {},
        "orig_mime_depth": 1,
        "resp_mime_depth": 1
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "version": "1.1",
            "user_agent": "curl/7.76.1",
            "request_body_len": 0,
            "response_body_len": 0,
            "status_code": 301,
            "status_msg": "Moved Permanently",
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "current_entity": {},
            "orig_mime_depth": 1,
            "resp_mime_depth": 1
          }
        },
        "current_request": 1,
        "current_response": 1,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": false
  },
  {
    "name": "original_name",
    "value": "Cache-Control"
  },
  {
    "name": "name",
    "value": "CACHE-CONTROL"
  },
  {
    "name": "value",
    "value": "s-maxage=3600,max-age=120"
  }
]
http_header [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 241,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 854,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.1940610408782959,
      "service": [
        "HTTP"
      ],
      "history": "ShADad",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "version": "1.1",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "status_code": 301,
        "status_msg": "Moved Permanently",
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "current_entity": {},
        "orig_mime_depth": 1,
        "resp_mime_depth": 1
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "version": "1.1",
            "user_agent": "curl/7.76.1",
            "request_body_len": 0,
            "response_body_len": 0,
            "status_code": 301,
            "status_msg": "Moved Permanently",
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "current_entity": {},
            "orig_mime_depth": 1,
            "resp_mime_depth": 1
          }
        },
        "current_request": 1,
        "current_response": 1,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": false
  },
  {
    "name": "original_name",
    "value": "Strict-Transport-Security"
  },
  {
    "name": "name",
    "value": "STRICT-TRANSPORT-SECURITY"
  },
  {
    "name": "value",
    "value": "max-age=31536000"
  }
]
http_header [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 241,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 854,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.1940610408782959,
      "service": [
        "HTTP"
      ],
      "history": "ShADad",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "version": "1.1",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "status_code": 301,
        "status_msg": "Moved Permanently",
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "current_entity": {},
        "orig_mime_depth": 1,
        "resp_mime_depth": 1
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "version": "1.1",
            "user_agent": "curl/7.76.1",
            "request_body_len": 0,
            "response_body_len": 0,
            "status_code": 301,
            "status_msg": "Moved Permanently",
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "current_entity": {},
            "orig_mime_depth": 1,
            "resp_mime_depth": 1
          }
        },
        "current_request": 1,
        "current_response": 1,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": false
  },
  {
    "name": "original_name",
    "value": "X-Hs-Https-Only"
  },
  {
    "name": "name",
    "value": "X-HS-HTTPS-ONLY"
  },
  {
    "name": "value",
    "value": "worker"
  }
]
http_header [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 241,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 854,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.1940610408782959,
      "service": [
        "HTTP"
      ],
      "history": "ShADad",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "version": "1.1",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "status_code": 301,
        "status_msg": "Moved Permanently",
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "current_entity": {},
        "orig_mime_depth": 1,
        "resp_mime_depth": 1
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "version": "1.1",
            "user_agent": "curl/7.76.1",
            "request_body_len": 0,
            "response_body_len": 0,
            "status_code": 301,
            "status_msg": "Moved Permanently",
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "current_entity": {},
            "orig_mime_depth": 1,
            "resp_mime_depth": 1
          }
        },
        "current_request": 1,
        "current_response": 1,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": false
  },
  {
    "name": "original_name",
    "value": "Report-To"
  },
  {
    "name": "name",
    "value": "REPORT-TO"
  },
  {
    "name": "value",
    "value": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=xFhmAO%2F27odapXRIIu6Su0tyQnb7xRRnaW4KarFIktiowjABTmgW%2FQfTTT%2F9YAG%2F7Dn2wkvLMtwjRuXtOEKKvqF50TsGcxNxTI8WRQUUhv9YC%2BVdfCg6FfRKn%2FkCCz4%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}"
  }
]
http_header [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 241,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 854,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.1940610408782959,
      "service": [
        "HTTP"
      ],
      "history": "ShADad",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "version": "1.1",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "status_code": 301,
        "status_msg": "Moved Permanently",
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "current_entity": {},
        "orig_mime_depth": 1,
        "resp_mime_depth": 1
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "version": "1.1",
            "user_agent": "curl/7.76.1",
            "request_body_len": 0,
            "response_body_len": 0,
            "status_code": 301,
            "status_msg": "Moved Permanently",
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "current_entity": {},
            "orig_mime_depth": 1,
            "resp_mime_depth": 1
          }
        },
        "current_request": 1,
        "current_response": 1,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": false
  },
  {
    "name": "original_name",
    "value": "NEL"
  },
  {
    "name": "name",
    "value": "NEL"
  },
  {
    "name": "value",
    "value": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}"
  }
]
http_header [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 241,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 854,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.1940610408782959,
      "service": [
        "HTTP"
      ],
      "history": "ShADad",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "version": "1.1",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "status_code": 301,
        "status_msg": "Moved Permanently",
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "current_entity": {},
        "orig_mime_depth": 1,
        "resp_mime_depth": 1
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "version": "1.1",
            "user_agent": "curl/7.76.1",
            "request_body_len": 0,
            "response_body_len": 0,
            "status_code": 301,
            "status_msg": "Moved Permanently",
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "current_entity": {},
            "orig_mime_depth": 1,
            "resp_mime_depth": 1
          }
        },
        "current_request": 1,
        "current_response": 1,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": false
  },
  {
    "name": "original_name",
    "value": "Set-Cookie"
  },
  {
    "name": "name",
    "value": "SET-COOKIE"
  },
  {
    "name": "value",
    "value": "__cfruid=e02ce062c7627d878b3dcf8f2ef9382980b7aa05-1630238734; path=/; domain=.corelight.com; HttpOnly"
  }
]
http_header [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 241,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 854,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.1940610408782959,
      "service": [
        "HTTP"
      ],
      "history": "ShADad",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "version": "1.1",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "status_code": 301,
        "status_msg": "Moved Permanently",
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "current_entity": {},
        "orig_mime_depth": 1,
        "resp_mime_depth": 1
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "version": "1.1",
            "user_agent": "curl/7.76.1",
            "request_body_len": 0,
            "response_body_len": 0,
            "status_code": 301,
            "status_msg": "Moved Permanently",
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "current_entity": {},
            "orig_mime_depth": 1,
            "resp_mime_depth": 1
          }
        },
        "current_request": 1,
        "current_response": 1,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": false
  },
  {
    "name": "original_name",
    "value": "Server"
  },
  {
    "name": "name",
    "value": "SERVER"
  },
  {
    "name": "value",
    "value": "cloudflare"
  }
]
http_header [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 241,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 854,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.1940610408782959,
      "service": [
        "HTTP"
      ],
      "history": "ShADad",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "version": "1.1",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "status_code": 301,
        "status_msg": "Moved Permanently",
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "current_entity": {},
        "orig_mime_depth": 1,
        "resp_mime_depth": 1
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "version": "1.1",
            "user_agent": "curl/7.76.1",
            "request_body_len": 0,
            "response_body_len": 0,
            "status_code": 301,
            "status_msg": "Moved Permanently",
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "current_entity": {},
            "orig_mime_depth": 1,
            "resp_mime_depth": 1
          }
        },
        "current_request": 1,
        "current_response": 1,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": false
  },
  {
    "name": "original_name",
    "value": "CF-RAY"
  },
  {
    "name": "name",
    "value": "CF-RAY"
  },
  {
    "name": "value",
    "value": "6865a5f7af83874d-DUS"
  }
]
http_header [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 241,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 854,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.1940610408782959,
      "service": [
        "HTTP"
      ],
      "history": "ShADad",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "version": "1.1",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "status_code": 301,
        "status_msg": "Moved Permanently",
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "current_entity": {},
        "orig_mime_depth": 1,
        "resp_mime_depth": 1
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "version": "1.1",
            "user_agent": "curl/7.76.1",
            "request_body_len": 0,
            "response_body_len": 0,
            "status_code": 301,
            "status_msg": "Moved Permanently",
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "current_entity": {},
            "orig_mime_depth": 1,
            "resp_mime_depth": 1
          }
        },
        "current_request": 1,
        "current_response": 1,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": false
  },
  {
    "name": "original_name",
    "value": "alt-svc"
  },
  {
    "name": "name",
    "value": "ALT-SVC"
  },
  {
    "name": "value",
    "value": "h3-27=\":443\"; ma=86400, h3-28=\":443\"; ma=86400, h3-29=\":443\"; ma=86400, h3=\":443\"; ma=86400"
  }
]
http_header [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 241,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 854,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.1940610408782959,
      "service": [
        "HTTP"
      ],
      "history": "ShADad",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "version": "1.1",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "status_code": 301,
        "status_msg": "Moved Permanently",
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "current_entity": {},
        "orig_mime_depth": 1,
        "resp_mime_depth": 1
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "version": "1.1",
            "user_agent": "curl/7.76.1",
            "request_body_len": 0,
            "response_body_len": 0,
            "status_code": 301,
            "status_msg": "Moved Permanently",
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "current_entity": {},
            "orig_mime_depth": 1,
            "resp_mime_depth": 1
          }
        },
        "current_request": 1,
        "current_response": 1,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": false
  },
  {
    "name": "original_name",
    "value": "Content-Length"
  },
  {
    "name": "name",
    "value": "CONTENT-LENGTH"
  },
  {
    "name": "value",
    "value": "0"
  }
]
get_file_handle [
  {
    "name": "tag",
    "value": "Analyzer::ANALYZER_HTTP"
  },
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 241,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 854,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.1940610408782959,
      "service": [
        "HTTP"
      ],
      "history": "ShADad",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "version": "1.1",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "status_code": 301,
        "status_msg": "Moved Permanently",
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "orig_mime_depth": 1,
        "resp_mime_depth": 1
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "version": "1.1",
            "user_agent": "curl/7.76.1",
            "request_body_len": 0,
            "response_body_len": 0,
            "status_code": 301,
            "status_msg": "Moved Permanently",
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "orig_mime_depth": 1,
            "resp_mime_depth": 1
          }
        },
        "current_request": 1,
        "current_response": 1,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": false
  }
]
http_message_done [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 241,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 854,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.1940610408782959,
      "service": [
        "HTTP"
      ],
      "history": "ShADad",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "version": "1.1",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "status_code": 301,
        "status_msg": "Moved Permanently",
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "orig_mime_depth": 1,
        "resp_mime_depth": 1
      },
      "http_state": {
        "pending": {
          "1": {
            "ts": 1630238734.007674,
            "uid": "ClEkJM2Vm5giqnMf4h",
            "id": {
              "orig_h": "172.20.10.3",
              "orig_p": 59588,
              "resp_h": "199.60.103.106",
              "resp_p": 80
            },
            "trans_depth": 1,
            "method": "GET",
            "host": "corelight.com",
            "uri": "/",
            "version": "1.1",
            "user_agent": "curl/7.76.1",
            "request_body_len": 0,
            "response_body_len": 0,
            "status_code": 301,
            "status_msg": "Moved Permanently",
            "tags": [],
            "capture_password": false,
            "range_request": false,
            "orig_mime_depth": 1,
            "resp_mime_depth": 1
          }
        },
        "current_request": 1,
        "current_response": 1,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": false
  },
  {
    "name": "stat",
    "value": {
      "start": 1630238734.183893,
      "interrupted": false,
      "finish_msg": "message ends normally",
      "body_length": 0,
      "content_gap_length": 0,
      "header_length": 824
    }
  }
]
new_connection [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 0,
        "state": 0,
        "num_pkts": 0,
        "num_bytes_ip": 0,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 0,
        "num_pkts": 0,
        "num_bytes_ip": 0,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0,
      "service": [],
      "history": "",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false
    }
  }
]
ssl_extension [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 517,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.024854183197021484,
      "service": [],
      "history": "ShAD",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "server_name": "corelight.com",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": true
  },
  {
    "name": "code",
    "value": 0
  },
  {
    "name": "val",
    "value": "\u0000\u0010\u0000\u0000\rcorelight.com"
  }
]
ssl_extension [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 517,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.024854183197021484,
      "service": [],
      "history": "ShAD",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "server_name": "corelight.com",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": true
  },
  {
    "name": "code",
    "value": 11
  },
  {
    "name": "val",
    "value": "\u0003\u0000\u0001\u0002"
  }
]
ssl_extension [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 517,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.024854183197021484,
      "service": [],
      "history": "ShAD",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "server_name": "corelight.com",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": true
  },
  {
    "name": "code",
    "value": 10
  },
  {
    "name": "val",
    "value": "\u0000\n\u0000\u001d\u0000\u0017\u0000\u001e\u0000\u0019\u0000\u0018"
  }
]
ssl_extension [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 517,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.024854183197021484,
      "service": [],
      "history": "ShAD",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "server_name": "corelight.com",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": true
  },
  {
    "name": "code",
    "value": 13172
  },
  {
    "name": "val",
    "value": ""
  }
]
ssl_extension [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 517,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.024854183197021484,
      "service": [],
      "history": "ShAD",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "server_name": "corelight.com",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": true
  },
  {
    "name": "code",
    "value": 16
  },
  {
    "name": "val",
    "value": "\u0000\f\u0002h2\bhttp/1.1"
  }
]
ssl_extension [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 517,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.024854183197021484,
      "service": [],
      "history": "ShAD",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "server_name": "corelight.com",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": true
  },
  {
    "name": "code",
    "value": 22
  },
  {
    "name": "val",
    "value": ""
  }
]
ssl_extension [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 517,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.024854183197021484,
      "service": [],
      "history": "ShAD",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "server_name": "corelight.com",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": true
  },
  {
    "name": "code",
    "value": 23
  },
  {
    "name": "val",
    "value": ""
  }
]
ssl_extension [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 517,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.024854183197021484,
      "service": [],
      "history": "ShAD",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "server_name": "corelight.com",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": true
  },
  {
    "name": "code",
    "value": 49
  },
  {
    "name": "val",
    "value": ""
  }
]
ssl_extension [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 517,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.024854183197021484,
      "service": [],
      "history": "ShAD",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "server_name": "corelight.com",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": true
  },
  {
    "name": "code",
    "value": 13
  },
  {
    "name": "val",
    "value": "\u0000 \u0004\u0003\u0005\u0003\u0006\u0003\b\u0007\b\b\b\t\b\n\b\u000b\b\u0004\b\u0005\b\u0006\u0004\u0001\u0005\u0001\u0006\u0001\u0003\u0003\u0003\u0001"
  }
]
ssl_extension [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 517,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.024854183197021484,
      "service": [],
      "history": "ShAD",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "server_name": "corelight.com",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": true
  },
  {
    "name": "code",
    "value": 43
  },
  {
    "name": "val",
    "value": "\u0004\u0003\u0004\u0003\u0003"
  }
]
ssl_extension [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 517,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.024854183197021484,
      "service": [],
      "history": "ShAD",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "server_name": "corelight.com",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": true
  },
  {
    "name": "code",
    "value": 45
  },
  {
    "name": "val",
    "value": "\u0001\u0001"
  }
]
ssl_extension [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 517,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.024854183197021484,
      "service": [],
      "history": "ShAD",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "server_name": "corelight.com",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": true
  },
  {
    "name": "code",
    "value": 51
  },
  {
    "name": "val",
    "value": "\u0000$\u0000\u001d\u0000 ²^6ÌÌ88eRIa\u001b2w»3ýmnãeë56½JP\r"
  }
]
ssl_extension [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 517,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.024854183197021484,
      "service": [],
      "history": "ShAD",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "server_name": "corelight.com",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": true
  },
  {
    "name": "code",
    "value": 21
  },
  {
    "name": "val",
    "value": "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000"
  }
]
ssl_plaintext_data [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 517,
        "state": 4,
        "num_pkts": 2,
        "num_bytes_ip": 112,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 0,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.024854183197021484,
      "service": [
        "SSL"
      ],
      "history": "ShAD",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "server_name": "corelight.com",
        "session_id": "05628f4ff03bc85cef6bd6b1a01b9419063cf7fc3c5f10fc7b18cfc4b8190e09",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "analyzer_id": 13,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "C",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": true
  },
  {
    "name": "record_version",
    "value": 769
  },
  {
    "name": "content_type",
    "value": 22
  },
  {
    "name": "length",
    "value": 512
  }
]
ssl_extension [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 517,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 681,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 1388,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.06890416145324707,
      "service": [
        "SSL"
      ],
      "history": "ShADd",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "curve": "x25519",
        "server_name": "corelight.com",
        "session_id": "05628f4ff03bc85cef6bd6b1a01b9419063cf7fc3c5f10fc7b18cfc4b8190e09",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "analyzer_id": 13,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "C",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": false
  },
  {
    "name": "code",
    "value": 51
  },
  {
    "name": "val",
    "value": "\u0000\u001d\u0000 Ï±Ýxsí²'ëïé½¯=°W^\u0019EóËãK\u001f×\u0001H\u0007 "
  }
]
ssl_extension [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 517,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 681,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 1388,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.06890416145324707,
      "service": [
        "SSL"
      ],
      "history": "ShADd",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "version_num": 772,
        "version": "TLSv13",
        "curve": "x25519",
        "server_name": "corelight.com",
        "session_id": "05628f4ff03bc85cef6bd6b1a01b9419063cf7fc3c5f10fc7b18cfc4b8190e09",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "analyzer_id": 13,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "C",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": false
  },
  {
    "name": "code",
    "value": 43
  },
  {
    "name": "val",
    "value": "\u0003\u0004"
  }
]
ssl_plaintext_data [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 517,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 681,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 1388,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.06890416145324707,
      "service": [
        "SSL"
      ],
      "history": "ShADd",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "version_num": 772,
        "version": "TLSv13",
        "cipher": "TLS_AES_256_GCM_SHA384",
        "curve": "x25519",
        "server_name": "corelight.com",
        "session_id": "05628f4ff03bc85cef6bd6b1a01b9419063cf7fc3c5f10fc7b18cfc4b8190e09",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "analyzer_id": 13,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "Cs",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": false
  },
  {
    "name": "record_version",
    "value": 771
  },
  {
    "name": "content_type",
    "value": 22
  },
  {
    "name": "length",
    "value": 122
  }
]
ssl_plaintext_data [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 517,
        "state": 4,
        "num_pkts": 3,
        "num_bytes_ip": 681,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 1388,
        "state": 4,
        "num_pkts": 1,
        "num_bytes_ip": 60,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.06890416145324707,
      "service": [
        "SSL"
      ],
      "history": "ShADd",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "version_num": 772,
        "version": "TLSv13",
        "cipher": "TLS_AES_256_GCM_SHA384",
        "curve": "x25519",
        "server_name": "corelight.com",
        "session_id": "05628f4ff03bc85cef6bd6b1a01b9419063cf7fc3c5f10fc7b18cfc4b8190e09",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "analyzer_id": 13,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "Csi",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": false
  },
  {
    "name": "record_version",
    "value": 771
  },
  {
    "name": "content_type",
    "value": 20
  },
  {
    "name": "length",
    "value": 1
  }
]
ssl_plaintext_data [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 597,
        "state": 4,
        "num_pkts": 6,
        "num_bytes_ip": 837,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 2592,
        "state": 4,
        "num_pkts": 4,
        "num_bytes_ip": 2808,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.06974601745605469,
      "service": [
        "SSL"
      ],
      "history": "ShADd",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "version_num": 772,
        "version": "TLSv13",
        "cipher": "TLS_AES_256_GCM_SHA384",
        "curve": "x25519",
        "server_name": "corelight.com",
        "session_id": "05628f4ff03bc85cef6bd6b1a01b9419063cf7fc3c5f10fc7b18cfc4b8190e09",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "analyzer_id": 13,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "CsiI",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  },
  {
    "name": "is_client",
    "value": true
  },
  {
    "name": "record_version",
    "value": 771
  },
  {
    "name": "content_type",
    "value": 20
  },
  {
    "name": "length",
    "value": 1
  }
]
ssl_established [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 597,
        "state": 4,
        "num_pkts": 6,
        "num_bytes_ip": 837,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 2592,
        "state": 4,
        "num_pkts": 4,
        "num_bytes_ip": 2808,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.06974601745605469,
      "service": [
        "SSL"
      ],
      "history": "ShADd",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "version_num": 772,
        "version": "TLSv13",
        "cipher": "TLS_AES_256_GCM_SHA384",
        "curve": "x25519",
        "server_name": "corelight.com",
        "session_id": "05628f4ff03bc85cef6bd6b1a01b9419063cf7fc3c5f10fc7b18cfc4b8190e09",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "analyzer_id": 13,
        "established": false,
        "logged": false,
        "hrr_seen": false,
        "ssl_history": "CsiI",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  }
]
connection_state_remove [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 55767,
        "resp_h": "172.20.10.1",
        "resp_p": 53
      },
      "orig": {
        "size": 42,
        "state": 1,
        "num_pkts": 1,
        "num_bytes_ip": 70,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 74,
        "state": 1,
        "num_pkts": 1,
        "num_bytes_ip": 102,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.951343,
      "duration": 0.03791093826293945,
      "service": [
        "DNS"
      ],
      "history": "Dd",
      "uid": "CHhAvVGS1DHFjwGM9",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "dns_state": {},
      "ftp_data_reuse": false
    }
  }
]
connection_state_remove [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 45208,
        "resp_h": "199.60.103.106",
        "resp_p": 443
      },
      "orig": {
        "size": 842,
        "state": 5,
        "num_pkts": 112,
        "num_bytes_ip": 6674,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 96230,
        "state": 5,
        "num_pkts": 137,
        "num_bytes_ip": 103374,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238734.184846,
      "duration": 0.4085841178894043,
      "service": [
        "SSL"
      ],
      "history": "ShADdaFf",
      "uid": "C4J4Th3PJpwUYZZ6gc",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "ssl": {
        "ts": 1630238734.2097,
        "uid": "C4J4Th3PJpwUYZZ6gc",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 45208,
          "resp_h": "199.60.103.106",
          "resp_p": 443
        },
        "version_num": 772,
        "version": "TLSv13",
        "cipher": "TLS_AES_256_GCM_SHA384",
        "curve": "x25519",
        "server_name": "corelight.com",
        "session_id": "05628f4ff03bc85cef6bd6b1a01b9419063cf7fc3c5f10fc7b18cfc4b8190e09",
        "resumed": false,
        "client_ticket_empty_session_seen": false,
        "client_key_exchange_seen": false,
        "client_psk_seen": false,
        "established": true,
        "logged": true,
        "hrr_seen": false,
        "ssl_history": "CsiI",
        "server_depth": 0,
        "client_depth": 0
      }
    }
  }
]
get_file_handle [
  {
    "name": "tag",
    "value": "Analyzer::ANALYZER_HTTP"
  },
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 5,
        "num_pkts": 6,
        "num_bytes_ip": 397,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 854,
        "state": 5,
        "num_pkts": 4,
        "num_bytes_ip": 1070,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.5914499759674072,
      "service": [
        "HTTP"
      ],
      "history": "ShADadFf",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "version": "1.1",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "status_code": 301,
        "status_msg": "Moved Permanently",
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "orig_mime_depth": 1,
        "resp_mime_depth": 1
      },
      "http_state": {
        "pending": {},
        "current_request": 1,
        "current_response": 1,
        "trans_depth": 1
      }
    }
  },
  {
    "name": "is_orig",
    "value": true
  }
]
connection_state_remove [
  {
    "name": "c",
    "value": {
      "id": {
        "orig_h": "172.20.10.3",
        "orig_p": 59588,
        "resp_h": "199.60.103.106",
        "resp_p": 80
      },
      "orig": {
        "size": 77,
        "state": 5,
        "num_pkts": 6,
        "num_bytes_ip": 397,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:97:73"
      },
      "resp": {
        "size": 854,
        "state": 5,
        "num_pkts": 4,
        "num_bytes_ip": 1070,
        "flow_label": 0,
        "l2_addr": "36:42:62:dd:0a:64"
      },
      "start_time": 1630238733.989832,
      "duration": 0.5914499759674072,
      "service": [
        "HTTP"
      ],
      "history": "ShADadFf",
      "uid": "ClEkJM2Vm5giqnMf4h",
      "service_violation": [],
      "removal_hooks": null,
      "extract_orig": false,
      "extract_resp": false,
      "ftp_data_reuse": false,
      "http": {
        "ts": 1630238734.007674,
        "uid": "ClEkJM2Vm5giqnMf4h",
        "id": {
          "orig_h": "172.20.10.3",
          "orig_p": 59588,
          "resp_h": "199.60.103.106",
          "resp_p": 80
        },
        "trans_depth": 1,
        "method": "GET",
        "host": "corelight.com",
        "uri": "/",
        "version": "1.1",
        "user_agent": "curl/7.76.1",
        "request_body_len": 0,
        "response_body_len": 0,
        "status_code": 301,
        "status_msg": "Moved Permanently",
        "tags": [],
        "capture_password": false,
        "range_request": false,
        "orig_mime_depth": 1,
        "resp_mime_depth": 1
      },
      "http_state": {
        "pending": {},
        "current_request": 1,
        "current_response": 1,
        "trans_depth": 1
      }
    }
  }
]
zeek_done []
