Sep 10 07:46:47 bastion LinuxCommandsWazuh: User ubuntu [2972390]: 1999 sudo ./nmap.sh Sep 10 11:17:37 bastion LinuxCommandsWazuh: User ankur [2992207]: 1991 exit Sep 10 11:17:43 bastion LinuxCommandsWazuh: User ankur [2992417]: 1991 exit Sep 10 11:17:45 bastion LinuxCommandsWazuh: User ankur [2992417]: 1992 ls Sep 10 11:19:02 bastion LinuxCommandsWazuh: User ankur [2992417]: 1993 k get pods | grep nitrox Sep 10 11:19:28 bastion LinuxCommandsWazuh: User ankur [2992417]: 1994 k logs -f nitrox-dramatiq-8bb54b5b-6hdz4 Sep 10 11:19:33 bastion LinuxCommandsWazuh: User ankur [2992417]: 1995 k get pods Sep 10 11:19:33 bastion LinuxCommandsWazuh: User ankur [2992417]: 1995 k get pods Sep 10 11:19:38 bastion LinuxCommandsWazuh: User ankur [2992417]: 1996 k get pods | grep dakiya Sep 10 11:19:52 bastion LinuxCommandsWazuh: User ankur [2992417]: 1997 k logs -f dakiya-68595f49b-bqs7t Sep 10 11:34:15 bastion LinuxCommandsWazuh: User ankur [2992417]: 1998 k logs -f nitrox-dramatiq-8bb54b5b-6hdz4 Sep 10 11:34:18 bastion LinuxCommandsWazuh: User ankur [2992417]: 1999 k get pods | grep dakiya Sep 10 11:34:22 bastion LinuxCommandsWazuh: User ankur [2992417]: 2000 k get pods | grep nitrox Sep 10 11:34:29 bastion LinuxCommandsWazuh: User ankur [2992417]: 2001 k logs -f nitrox-dj-b96667d74-5qdx9 Sep 10 11:36:26 bastion LinuxCommandsWazuh: User ankur [2992417]: 2001 k logs -f nitrox-dj-b96667d74-5qdx9 Sep 10 11:36:27 bastion LinuxCommandsWazuh: message repeated 5 times: [ User ankur [2992417]: 2001 k logs -f nitrox-dj-b96667d74-5qdx9] Sep 10 11:36:51 bastion LinuxCommandsWazuh: User ankur [2992417]: 2001 k logs -f nitrox-dj-b96667d74-5qdx9 Sep 10 11:36:59 bastion LinuxCommandsWazuh: message repeated 9 times: [ User ankur [2992417]: 2001 k logs -f nitrox-dj-b96667d74-5qdx9] Sep 10 11:37:00 bastion LinuxCommandsWazuh: User ankur [2992417]: 2001 k logs -f nitrox-dj-b96667d74-5qdx9 Sep 10 11:37:00 bastion LinuxCommandsWazuh: User ankur [2992417]: 2001 k logs -f nitrox-dj-b96667d74-5qdx9 Sep 10 11:43:49 bastion LinuxCommandsWazuh: User ankur [2992417]: 2001 k logs -f nitrox-dj-b96667d74-5qdx9 Sep 10 11:43:49 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ankur [2992417]: 2001 k logs -f nitrox-dj-b96667d74-5qdx9] Sep 10 11:54:25 bastion LinuxCommandsWazuh: User ankur [2992207]: 1992 byobu Sep 10 11:54:29 bastion LinuxCommandsWazuh: User ankur [3029128]: 1991 exit Sep 10 11:54:37 bastion LinuxCommandsWazuh: User ankur [1207763]: 1493 redis Sep 10 11:54:54 bastion LinuxCommandsWazuh: User ankur [1207763]: 1493 redis Sep 10 11:56:01 bastion LinuxCommandsWazuh: User ankur [1207763]: 1493 redis Sep 10 12:01:45 bastion LinuxCommandsWazuh: User ping-pong [3037009]: 54 mongo Sep 10 12:05:40 bastion LinuxCommandsWazuh: User ankur [2992417]: 2002 k get hpa Sep 10 12:19:32 bastion LinuxCommandsWazuh: User ankur [3043340]: 1991 byobu Sep 10 12:19:42 bastion LinuxCommandsWazuh: User ankur [2992417]: 2003 k get pods | grep vortex Sep 10 12:19:51 bastion LinuxCommandsWazuh: User ankur [2992417]: 2004 k get pods | grep nitrox Sep 10 12:37:12 bastion LinuxCommandsWazuh: User ashish [3061410]: 456 byobu Sep 10 12:37:17 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ashish [3061410]: 456 byobu] Sep 10 12:37:18 bastion LinuxCommandsWazuh: User ashish [3061410]: 457 ls Sep 10 12:37:20 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ashish [3061410]: 457 ls] Sep 10 12:37:25 bastion LinuxCommandsWazuh: User ashish [2788660]: 456 mongo Sep 10 12:41:34 bastion LinuxCommandsWazuh: User ashish [2788660]: 457 redis Sep 10 12:41:34 bastion LinuxCommandsWazuh: User ashish [3061410]: 458 byobu Sep 10 12:41:40 bastion LinuxCommandsWazuh: User ashish [3069821]: 458 redis Sep 10 12:41:44 bastion LinuxCommandsWazuh: User ashish [3069821]: 458 redis Sep 10 12:41:46 bastion LinuxCommandsWazuh: User ashish [3070024]: 460 byobu Sep 10 12:41:49 bastion LinuxCommandsWazuh: User ashish [3070111]: 460 byobu Sep 10 12:42:26 bastion LinuxCommandsWazuh: User ashish [3071370]: 460 byobu Sep 10 12:48:33 bastion LinuxCommandsWazuh: User abhijeet [3087187]: 1998 redis-ssh Sep 10 12:48:56 bastion LinuxCommandsWazuh: User ankur [3043340]: 1991 byobu Sep 10 12:48:58 bastion LinuxCommandsWazuh: User ankur [3043340]: 1992 xit Sep 10 12:50:35 bastion LinuxCommandsWazuh: User abhijeet [3090765]: 1998 redis-ssh Sep 10 12:57:43 bastion LinuxCommandsWazuh: User ashish [3070111]: 461 redis Sep 10 12:59:09 bastion LinuxCommandsWazuh: User ashish [3070111]: 461 redis Sep 10 12:59:45 bastion LinuxCommandsWazuh: User ashish [3070111]: 461 redis Sep 10 13:05:36 bastion LinuxCommandsWazuh: User abhijeet [3090765]: 1998 redis-ssh Sep 10 13:16:41 bastion LinuxCommandsWazuh: User mohtashim [3117457]: 10 exit Sep 10 13:17:59 bastion LinuxCommandsWazuh: User ankur [3118797]: 1991 exit Sep 10 13:24:43 bastion LinuxCommandsWazuh: User ubuntu [3131476]: 1999 redis-ssh Sep 10 13:25:20 bastion LinuxCommandsWazuh: User ubuntu [3131476]: 2000 cd bin/ Sep 10 13:25:20 bastion LinuxCommandsWazuh: User ubuntu [3131476]: 2001 ls Sep 10 13:26:11 bastion LinuxCommandsWazuh: User ubuntu [3131476]: 2002 sudo vi nmap.sh Sep 10 13:26:13 bastion LinuxCommandsWazuh: User ubuntu [3131476]: 2003 ./nmap.sh Sep 10 13:26:25 bastion LinuxCommandsWazuh: User ubuntu [3131476]: 2004 sudo ./nmap.sh Sep 10 13:29:50 bastion LinuxCommandsWazuh: User ankur [1219049]: 1498 stern urlbird | grep -i "CHECK_USER_IN_FILTER" Sep 10 13:30:15 bastion LinuxCommandsWazuh: User ankur [1119517]: 1509 mongo Sep 10 13:30:22 bastion LinuxCommandsWazuh: User ankur [3944233]: 1840 clickhouse-ssh Sep 10 13:30:34 bastion LinuxCommandsWazuh: User ankur [4087794]: 1844 k logs -f vortex-dramatiq-b86c8b7f6-5mq5l | grep -i DRAMATIQ_TASK: Sep 10 13:30:51 bastion LinuxCommandsWazuh: User ankur [4087794]: 1844 k logs -f vortex-dramatiq-b86c8b7f6-5mq5l | grep -i DRAMATIQ_TASK: Sep 10 13:31:04 bastion LinuxCommandsWazuh: User ankur [4087794]: 1845 stern vortex-dramatiq | grep -i DRAMATIQ_TASK: Sep 10 13:31:37 bastion LinuxCommandsWazuh: User ankur [3700987]: 1586 psql -U postgres Sep 10 13:31:45 bastion LinuxCommandsWazuh: User ankur [1379384]: 1919 redis-url Sep 10 13:31:58 bastion LinuxCommandsWazuh: User ankur [176760]: 1907 mongo Sep 10 13:32:01 bastion LinuxCommandsWazuh: User ankur [3145992]: 1991 exit Sep 10 13:32:16 bastion LinuxCommandsWazuh: User ankur [3145992]: 1992 k get pods | grep nitrox Sep 10 13:32:59 bastion LinuxCommandsWazuh: User ankur [3147832]: 1991 exit Sep 10 13:33:10 bastion LinuxCommandsWazuh: User ankur [3147832]: 1992 k get pods | grep dakiya Sep 10 13:34:49 bastion LinuxCommandsWazuh: User mohtashim [3151328]: 10 exit Sep 10 13:36:04 bastion LinuxCommandsWazuh: User ankur [3145992]: 1993 k logs -f nitrox-dramatiq-8bb54b5b-6hdz4 Sep 10 13:36:20 bastion LinuxCommandsWazuh: User ubuntu [3131476]: 2005 sudo vi nmap.sh Sep 10 13:37:33 bastion LinuxCommandsWazuh: User ubuntu [3131476]: 2006 pwd Sep 10 13:38:09 bastion LinuxCommandsWazuh: User ubuntu [3131476]: 2007 sudo crontab -e Sep 10 13:40:10 bastion LinuxCommandsWazuh: User ankur [3147832]: 1993 k logs -f dakiya-68595f49b-bqs7t Sep 10 13:40:25 bastion LinuxCommandsWazuh: User ankur [3147832]: 1994 k get pods | grep nitrox Sep 10 13:40:39 bastion LinuxCommandsWazuh: User ankur [3147832]: 1995 k logs -f nitrox-dj-b96667d74-5qdx9 Sep 10 13:40:52 bastion LinuxCommandsWazuh: User ankur [3147832]: 1996 k logs -f nitrox-dj-b96667d74-5qdx9 | grep -i USER_DATA_EXPORT>> Sep 10 13:41:59 bastion LinuxCommandsWazuh: User ankur [3165552]: 1991 exit Sep 10 13:42:07 bastion LinuxCommandsWazuh: User ankur [3165552]: 1992 k get pods | grep dakiya Sep 10 13:43:01 bastion LinuxCommandsWazuh: User ankur [3165552]: 1993 k logs -f dakiya-68595f49b-bqs7t Sep 10 13:43:04 bastion LinuxCommandsWazuh: User ankur [3147832]: 1997 k logs -f nitrox-dj-b96667d74-5qdx9 | grep -i "USER_DATA_EXPORT>>" Sep 10 13:43:23 bastion LinuxCommandsWazuh: User ankur [3165552]: 1993 k logs -f dakiya-68595f49b-bqs7t Sep 10 13:43:29 bastion LinuxCommandsWazuh: User ankur [3165552]: 1994 k get pods | grep house Sep 10 13:43:42 bastion LinuxCommandsWazuh: User ankur [3165552]: 1995 k logs -f house-of-click-59fdccdf9-4zp9p Sep 10 13:43:55 bastion LinuxCommandsWazuh: User ankur [3165552]: 1996 k logs -f house-of-click-59fdccdf9-4zp9p | grep get-users-data Sep 10 13:46:36 bastion LinuxCommandsWazuh: User mohtashim [3174903]: 10 exit Sep 10 13:46:53 bastion LinuxCommandsWazuh: User mohtashim [513035]: 594 mongo pixel_v1 Sep 10 13:46:54 bastion LinuxCommandsWazuh: User mohtashim [513035]: 595 clear Sep 10 13:47:59 bastion LinuxCommandsWazuh: User ubuntu [3131476]: 2008 redis-ssh Sep 10 13:49:09 bastion LinuxCommandsWazuh: User ubuntu [3131476]: 2009 redis-secondary-ssh Sep 10 13:49:15 bastion LinuxCommandsWazuh: User ubuntu [3131476]: 2010 dragonflydb-volatile-ssh Sep 10 13:49:31 bastion LinuxCommandsWazuh: User ubuntu [3131476]: 2011 redis-secondary-ssh Sep 10 13:49:42 bastion LinuxCommandsWazuh: User mohtashim [3180757]: 10 exit Sep 10 13:50:26 bastion LinuxCommandsWazuh: User mohtashim [3182201]: 10 exit Sep 10 13:50:27 bastion LinuxCommandsWazuh: User mohtashim [3182267]: 10 exit Sep 10 13:50:29 bastion LinuxCommandsWazuh: User mohtashim [3182340]: 10 exit Sep 10 13:50:32 bastion LinuxCommandsWazuh: User ubuntu [3182498]: 1999 redis-ssh Sep 10 13:50:33 bastion LinuxCommandsWazuh: User ubuntu [3182498]: 2000 ls Sep 10 13:50:34 bastion LinuxCommandsWazuh: User ubuntu [3182498]: 2001 cd bin/ Sep 10 13:50:34 bastion LinuxCommandsWazuh: User ubuntu [3182498]: 2002 ls Sep 10 13:50:38 bastion LinuxCommandsWazuh: User ubuntu [3182498]: 2003 cat cpu_and_memory.sh Sep 10 13:51:36 bastion LinuxCommandsWazuh: User ubuntu [3184555]: 1999 exit Sep 10 13:56:35 bastion LinuxCommandsWazuh: User abhijeet [3194492]: 1998 redis-ssh Sep 10 13:56:35 bastion LinuxCommandsWazuh: User ubuntu [3131476]: 2012 dragonflydb-volatile-ssh Sep 10 13:56:36 bastion LinuxCommandsWazuh: User ubuntu [3131476]: 2013 ls Sep 10 13:56:48 bastion LinuxCommandsWazuh: User abhijeet [3194492]: 1999 cool-ssh Sep 10 13:56:52 bastion LinuxCommandsWazuh: User abhijeet [3194492]: 2000 cool-server Sep 10 13:56:57 bastion LinuxCommandsWazuh: User ubuntu [3131476]: 2014 redis-secondary-ssh Sep 10 13:56:59 bastion LinuxCommandsWazuh: User ayush [3195255]: 450 exit Sep 10 13:57:33 bastion LinuxCommandsWazuh: User ankur [3145992]: 1993 k logs -f nitrox-dramatiq-8bb54b5b-6hdz4 Sep 10 13:57:44 bastion LinuxCommandsWazuh: User ankur [3147832]: 1997 k logs -f nitrox-dj-b96667d74-5qdx9 | grep -i "USER_DATA_EXPORT>>" Sep 10 13:58:11 bastion LinuxCommandsWazuh: User ankur [3147832]: 1997 k logs -f nitrox-dj-b96667d74-5qdx9 | grep -i "USER_DATA_EXPORT>>" Sep 10 13:58:37 bastion LinuxCommandsWazuh: User ankur [3145992]: 1993 k logs -f nitrox-dramatiq-8bb54b5b-6hdz4 Sep 10 13:58:44 bastion LinuxCommandsWazuh: User ankur [3145992]: 1994 k get hpa Sep 10 13:58:52 bastion LinuxCommandsWazuh: User abhijeet [3198951]: 1998 redis-ssh Sep 10 13:58:54 bastion LinuxCommandsWazuh: User mohtashim [3199016]: 10 exit Sep 10 13:58:55 bastion LinuxCommandsWazuh: User mohtashim [3199051]: 10 exit Sep 10 13:59:13 bastion LinuxCommandsWazuh: User ankur [3145992]: 1994 k get hpa Sep 10 13:59:19 bastion LinuxCommandsWazuh: User ankur [3145992]: 1995 k get pods | grep nitrox Sep 10 13:59:26 bastion LinuxCommandsWazuh: User ankur [3145992]: 1996 k get deploy Sep 10 13:59:39 bastion LinuxCommandsWazuh: User ankur [3145992]: 1997 k rollout restart deployment/nitrox-dramatiq Sep 10 14:00:02 bastion LinuxCommandsWazuh: User ankur [3145992]: 1998 stern nitrox-dramatiq Sep 10 14:00:03 bastion LinuxCommandsWazuh: User ankur [3145992]: 1998 stern nitrox-dramatiq Sep 10 14:00:09 bastion LinuxCommandsWazuh: User ankur [3145992]: 1999 k get pods | grep nitrox-dramatiq Sep 10 14:00:18 bastion LinuxCommandsWazuh: message repeated 8 times: [ User ankur [3145992]: 1999 k get pods | grep nitrox-dramatiq] Sep 10 14:00:44 bastion LinuxCommandsWazuh: User ankur [3145992]: 2000 k logs -f nitrox-dramatiq-799786d754-lgxcv Sep 10 14:00:45 bastion LinuxCommandsWazuh: User ankur [3145992]: 2001 k get pods | grep nitrox-dramatiq Sep 10 14:00:48 bastion LinuxCommandsWazuh: User ankur [3145992]: 2001 k get pods | grep nitrox-dramatiq Sep 10 14:01:05 bastion LinuxCommandsWazuh: User ubuntu [3131476]: 2015 redis-url-ssh Sep 10 14:01:18 bastion LinuxCommandsWazuh: User ankur [3145992]: 2002 stern nitrox-dramatiq Sep 10 14:02:14 bastion LinuxCommandsWazuh: User abhijeet [3198951]: 1999 internal-server Sep 10 14:02:16 bastion LinuxCommandsWazuh: User abhijeet [3198951]: 2000 cd Sep 10 14:02:17 bastion LinuxCommandsWazuh: User abhijeet [3198951]: 2001 ls Sep 10 14:02:29 bastion LinuxCommandsWazuh: User abhijeet [3198951]: 2002 crontab -e Sep 10 14:02:37 bastion LinuxCommandsWazuh: User ubuntu [3206421]: 1999 exit Sep 10 14:02:38 bastion LinuxCommandsWazuh: User ubuntu [3206421]: 2000 cd Sep 10 14:10:50 bastion LinuxCommandsWazuh: User ankur [3145992]: 2002 stern nitrox-dramatiq Sep 10 14:10:51 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ankur [3145992]: 2002 stern nitrox-dramatiq] Sep 10 14:18:22 bastion LinuxCommandsWazuh: User ankur [3145992]: 2002 stern nitrox-dramatiq Sep 10 14:18:24 bastion LinuxCommandsWazuh: User ankur [3147832]: 1997 k logs -f nitrox-dj-b96667d74-5qdx9 | grep -i "USER_DATA_EXPORT>>" Sep 10 14:22:39 bastion LinuxCommandsWazuh: User ankur [3145992]: 2002 stern nitrox-dramatiq Sep 10 14:22:48 bastion LinuxCommandsWazuh: User ankur [3165552]: 1997 stern house-of-click | grep get-users-data Sep 10 14:22:50 bastion LinuxCommandsWazuh: User ankur [3147832]: 1997 k logs -f nitrox-dj-b96667d74-5qdx9 | grep -i "USER_DATA_EXPORT>>" Sep 10 14:28:03 bastion LinuxCommandsWazuh: User ankur [1207763]: 1493 redis Sep 10 14:28:10 bastion LinuxCommandsWazuh: User ankur [1207763]: 1493 redis Sep 10 14:28:15 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ankur [1207763]: 1493 redis] Sep 10 14:28:39 bastion LinuxCommandsWazuh: User ankur [1207763]: 1493 redis Sep 10 14:29:11 bastion LinuxCommandsWazuh: User ankur [3810229]: 1677 redis-secondary Sep 10 14:29:13 bastion LinuxCommandsWazuh: User ankur [3118797]: 1992 byobu Sep 10 14:29:15 bastion LinuxCommandsWazuh: User ankur [3258172]: 1991 exit Sep 10 14:29:23 bastion LinuxCommandsWazuh: User ankur [3258172]: 1992 redis Sep 10 14:29:25 bastion LinuxCommandsWazuh: User ankur [3118797]: 1992 byobu Sep 10 14:33:11 bastion LinuxCommandsWazuh: User mohtashim [3199016]: 11 make mongo Sep 10 14:33:28 bastion LinuxCommandsWazuh: User mohtashim [3199016]: 12 mongo pixel_v1 Sep 10 14:33:29 bastion LinuxCommandsWazuh: message repeated 3 times: [ User mohtashim [3199016]: 12 mongo pixel_v1] Sep 10 14:33:31 bastion LinuxCommandsWazuh: User mohtashim [3199016]: 13 clear Sep 10 14:34:42 bastion LinuxCommandsWazuh: User ayush [3195255]: 451 cool-server Sep 10 14:34:44 bastion LinuxCommandsWazuh: User ubuntu [3206421]: 2001 crontab -e Sep 10 14:36:03 bastion LinuxCommandsWazuh: User ankur [3265791]: 1991 exit Sep 10 14:36:05 bastion LinuxCommandsWazuh: User ankur [3265864]: 1991 exit Sep 10 14:36:09 bastion LinuxCommandsWazuh: User ankur [3265864]: 1992 ls Sep 10 14:36:23 bastion LinuxCommandsWazuh: User ankur [3265864]: 1993 k get pods | grep nitrox Sep 10 14:36:29 bastion LinuxCommandsWazuh: User ankur [3265864]: 1994 k logs -f dramatiq:ingest.msgs Sep 10 14:37:12 bastion LinuxCommandsWazuh: User ankur [3265864]: 1995 k logs -f nitrox-dramatiq-799786d754-lgxcv Sep 10 14:37:12 bastion LinuxCommandsWazuh: message repeated 2 times: [ User ankur [3265864]: 1995 k logs -f nitrox-dramatiq-799786d754-lgxcv] Sep 10 14:38:12 bastion LinuxCommandsWazuh: User mohtashim [3199016]: 14 mongo pixel_v1 Sep 10 14:38:17 bastion LinuxCommandsWazuh: User mohtashim [3182340]: 11 mongo pixel_v1 Sep 10 14:45:07 bastion LinuxCommandsWazuh: User rihan [3283032]: 1336 exit Sep 10 14:45:21 bastion LinuxCommandsWazuh: User ankur [3265864]: 1996 redis Sep 10 14:45:27 bastion LinuxCommandsWazuh: User ankur [3265864]: 1997 k get pods | grep vortex Sep 10 14:50:08 bastion LinuxCommandsWazuh: User rihan [2131021]: 1298 mongo Sep 10 14:50:08 bastion LinuxCommandsWazuh: User rihan [2131021]: 1298 mongo Sep 10 14:52:40 bastion LinuxCommandsWazuh: User rihan [3923717]: 1300 psql -d vortex_v2 -U postgres Sep 10 14:54:09 bastion LinuxCommandsWazuh: User mohtashim [3199051]: 11 make cookie-bash Sep 10 14:54:16 bastion LinuxCommandsWazuh: User mohtashim [3199051]: 12 clear Sep 10 14:54:22 bastion LinuxCommandsWazuh: User ankur [3265864]: 1998 redis Sep 10 14:55:59 bastion LinuxCommandsWazuh: User mohtashim [3117457]: 11 make cookie-bash Sep 10 14:56:23 bastion LinuxCommandsWazuh: User mohtashim [3117457]: 12 mongo pixel_v1 Sep 10 14:56:47 bastion LinuxCommandsWazuh: User mohtashim [3174903]: 11 byobu Sep 10 14:57:08 bastion LinuxCommandsWazuh: User ankur [3265864]: 1998 redis Sep 10 14:57:08 bastion LinuxCommandsWazuh: message repeated 3 times: [ User ankur [3265864]: 1998 redis] Sep 10 14:59:28 bastion LinuxCommandsWazuh: User ankur [3265864]: 1999 clickhouse-ssh Sep 10 14:59:31 bastion LinuxCommandsWazuh: User ankur [3265864]: 2000 exi t Sep 10 14:59:32 bastion LinuxCommandsWazuh: User ankur [3265791]: 1992 byobu Sep 10 15:15:14 bastion LinuxCommandsWazuh: User abhijeet [3337243]: 1998 sudo su ubuntu Sep 10 15:15:23 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 1999 crontab -e Sep 10 15:15:24 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2000 cd Sep 10 15:15:24 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2001 ls Sep 10 15:15:31 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2002 docker ps Sep 10 15:15:32 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2003 ls Sep 10 15:15:49 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2004 ufw --help Sep 10 15:16:00 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2005 ufw app list Sep 10 15:16:08 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2006 ufw list Sep 10 15:16:22 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2007 sudo ufw app list Sep 10 15:16:31 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2008 mosh --help Sep 10 15:17:28 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2009 sudo apt install -y squid Sep 10 15:17:48 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2010 systemctl status squid.service Sep 10 15:18:04 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2011 curl http://localhost:3128 Sep 10 15:18:42 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2012 cat /etc/squid/squid.conf Sep 10 15:18:52 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2013 ls Sep 10 15:19:34 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2014 vim /etc/squid/squid.conf Sep 10 15:19:46 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2015 cd /etc/squid/conf.d/ Sep 10 15:19:47 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2016 ls Sep 10 15:20:00 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2017 ls -leth Sep 10 15:20:03 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2018 ls -lrth Sep 10 15:24:06 bastion LinuxCommandsWazuh: User ankur [3347633]: 1991 exit Sep 10 15:24:09 bastion LinuxCommandsWazuh: User ankur [3347731]: 1991 exit Sep 10 15:24:11 bastion LinuxCommandsWazuh: User ankur [3347731]: 1991 exit Sep 10 15:24:46 bastion LinuxCommandsWazuh: User mohtashim [3174903]: 11 byobu Sep 10 15:28:04 bastion LinuxCommandsWazuh: User mohtashim [3174903]: 11 byobu Sep 10 15:42:04 bastion LinuxCommandsWazuh: User ping-pong [3383246]: 54 mongo Sep 10 15:47:50 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2019 sudo vim custom.conf Sep 10 15:48:39 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2020 sudo systemctl restart squid.service Sep 10 15:49:02 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2021 sudo systemctl status squid.service Sep 10 15:49:22 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2022 cat /var/log/squid/access.log Sep 10 15:49:25 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2023 sudo cat /var/log/squid/access.log Sep 10 15:49:33 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2024 sudo cat /var/log/squid/cache.log Sep 10 15:50:32 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2025 sudo vim custom.conf Sep 10 15:51:07 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2026 sudo systemctl restart squid.service Sep 10 15:51:12 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2027 sudo systemctl status squid.service Sep 10 15:51:28 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2028 sudo ss -tulnp | grep 3128 Sep 10 15:51:39 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2029 netstat -tunlp Sep 10 15:52:05 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2030 curl http://localhost:3128 Sep 10 15:52:10 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2031 curl http://localhost:3128/health Sep 10 15:52:17 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2032 sudo ss -tulnp | grep 3128 Sep 10 15:53:04 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2033 sudo systemctl enable squid Sep 10 15:53:10 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2034 sudo systemctl status squid.service Sep 10 15:53:12 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2034 sudo systemctl status squid.service Sep 10 16:11:39 bastion LinuxCommandsWazuh: User abhijeet [3440719]: 1998 sudo su ubuntu Sep 10 16:12:04 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2035 curl ip.me Sep 10 16:12:33 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2036 nc -l 3128 Sep 10 16:14:58 bastion LinuxCommandsWazuh: User abhijeet [3447071]: 1998 sudo su ubuntu Sep 10 16:14:59 bastion LinuxCommandsWazuh: User abhijeet [3447071]: 1999 ls Sep 10 16:15:00 bastion LinuxCommandsWazuh: User abhijeet [3447071]: 1999 ls Sep 10 16:19:22 bastion LinuxCommandsWazuh: User abhijeet [3440719]: 1999 redis-ssh Sep 10 16:23:14 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2037 cat /var/log/squid/cache.log Sep 10 16:23:16 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2038 sudo cat /var/log/squid/cache.log Sep 10 16:23:20 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2038 sudo cat /var/log/squid/cache.log Sep 10 16:25:28 bastion LinuxCommandsWazuh: User mohtashim [3174903]: 11 byobu Sep 10 16:25:57 bastion LinuxCommandsWazuh: User ankur [3347731]: 1992 mongo Sep 10 16:32:14 bastion LinuxCommandsWazuh: User abhijeet [3447071]: 2000 dragonflydb-volatile-ssh Sep 10 16:35:03 bastion LinuxCommandsWazuh: User abhijeet [3486644]: 1998 sudo su ubuntu Sep 10 16:43:59 bastion LinuxCommandsWazuh: User abhijeet [3440719]: 2000 dragonflydb-volatile-ssh Sep 10 16:45:49 bastion LinuxCommandsWazuh: User abhijeet [3440719]: 2001 redis-ssh Sep 10 16:47:31 bastion LinuxCommandsWazuh: User abhijeet [3447071]: 2001 redis-ssh Sep 10 16:48:43 bastion LinuxCommandsWazuh: User mohtashim [3174903]: 12 mongo pixel_v1 Sep 10 16:49:26 bastion LinuxCommandsWazuh: User abhijeet [3514726]: 1998 sudo su ubuntu Sep 10 16:52:20 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2039 cd Sep 10 16:52:21 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2040 ls Sep 10 16:52:22 bastion LinuxCommandsWazuh: User ubuntu [3337397]: 2040 ls Sep 10 16:52:25 bastion LinuxCommandsWazuh: User abhijeet [3337243]: 1998 sudo su ubuntu Sep 10 16:52:27 bastion LinuxCommandsWazuh: User abhijeet [3337243]: 1999 exiot Sep 10 16:54:53 bastion LinuxCommandsWazuh: User mohtashim [3174903]: 13 byobu Sep 10 16:55:42 bastion LinuxCommandsWazuh: User ankur [3347731]: 1993 redis Sep 10 16:55:45 bastion LinuxCommandsWazuh: User ankur [3347633]: 1992 byobu Sep 10 16:56:25 bastion LinuxCommandsWazuh: User abhijeet [3447071]: 2002 redis-secondary-ssh Sep 10 16:56:28 bastion LinuxCommandsWazuh: User abhijeet [3447071]: 2003 ls Sep 10 16:56:32 bastion LinuxCommandsWazuh: User abhijeet [3447071]: 2004 cd Sep 10 16:56:39 bastion LinuxCommandsWazuh: User abhijeet [3447071]: 2005 cat .bashrc Sep 10 16:57:39 bastion LinuxCommandsWazuh: User abhijeet [3514726]: 1999 dragonflydb-volatile-ssh Sep 10 16:57:43 bastion LinuxCommandsWazuh: User abhijeet [3529266]: 1998 exit Sep 10 16:57:43 bastion LinuxCommandsWazuh: User abhijeet [3529266]: 1999 ls Sep 10 16:57:46 bastion LinuxCommandsWazuh: User abhijeet [3529266]: 1999 ls Sep 10 16:58:10 bastion LinuxCommandsWazuh: User abhijeet [3529266]: 2000 curl telnet10.190.0.8:6379 Sep 10 16:58:18 bastion LinuxCommandsWazuh: User abhijeet [3529266]: 2001 curl -v telnet://10.190.0.8:6379 Sep 10 17:03:07 bastion LinuxCommandsWazuh: User rihan [3923717]: 1301 make cookie-bash Sep 10 17:19:25 bastion LinuxCommandsWazuh: User abhijeet [3529266]: 2002 ;ls Sep 10 17:32:07 bastion LinuxCommandsWazuh: User abhijeet [3563920]: 1998 exit Sep 10 17:34:12 bastion LinuxCommandsWazuh: User abhijeet [3565983]: 1998 exit Sep 10 17:34:14 bastion LinuxCommandsWazuh: User abhijeet [3565983]: 1999 ls Sep 10 17:41:56 bastion LinuxCommandsWazuh: User rihan [3283032]: 1337 byobu Sep 10 17:44:43 bastion LinuxCommandsWazuh: User mohtashim [3574363]: 24 byobu Sep 10 17:44:46 bastion LinuxCommandsWazuh: User mohtashim [3574363]: 24 byobu Sep 10 18:28:58 bastion LinuxCommandsWazuh: User abhijeet [3440719]: 2002 redis-url-ssh Sep 10 18:29:00 bastion LinuxCommandsWazuh: User abhijeet [3440719]: 2003 ls Sep 10 18:29:11 bastion LinuxCommandsWazuh: User ubuntu [3579315]: 1999 exit Sep 10 18:29:12 bastion LinuxCommandsWazuh: User ubuntu [3579315]: 2000 cd Sep 10 18:29:26 bastion LinuxCommandsWazuh: User ubuntu [3579315]: 2001 systemctl status squid.service Sep 10 18:29:33 bastion LinuxCommandsWazuh: User ubuntu [3579315]: 2002 cat /etc/squid/conf.d/custom.conf Sep 10 18:34:16 bastion LinuxCommandsWazuh: User abhijeet [3579707]: 1998 exit Sep 10 18:35:24 bastion LinuxCommandsWazuh: User ubuntu [3579315]: 2003 redis-ssh Sep 10 18:44:01 bastion LinuxCommandsWazuh: User ubuntu [3580665]: 1999 exit Sep 10 18:44:01 bastion LinuxCommandsWazuh: User ubuntu [3580665]: 2000 cd Sep 10 18:44:02 bastion LinuxCommandsWazuh: User ubuntu [3580665]: 2001 ls Sep 10 18:44:05 bastion LinuxCommandsWazuh: User ubuntu [3580665]: 2002 cd bin/ Sep 10 18:44:05 bastion LinuxCommandsWazuh: User ubuntu [3580665]: 2003 ls Sep 10 18:44:07 bastion LinuxCommandsWazuh: User ubuntu [3580665]: 2004 cat start_slack.sh Sep 10 18:45:20 bastion LinuxCommandsWazuh: User ubuntu [3580665]: 2005 cat cpu_and_memory.sh Sep 10 18:47:05 bastion LinuxCommandsWazuh: User ubuntu [3579315]: 2004 redis-url-ssh Sep 10 18:47:06 bastion LinuxCommandsWazuh: User ubuntu [3579315]: 2005 lsd Sep 10 18:47:07 bastion LinuxCommandsWazuh: User ubuntu [3579315]: 2005 lsd Sep 10 18:47:08 bastion LinuxCommandsWazuh: User abhijeet [3440719]: 2004 sudo su ubuntu Sep 10 18:47:08 bastion LinuxCommandsWazuh: User abhijeet [3440719]: 2005 ls Sep 10 18:53:49 bastion LinuxCommandsWazuh: User aman [3581744]: 218 exit Sep 10 18:53:58 bastion LinuxCommandsWazuh: User aman [3581744]: 219 "authorization": "S2S SMq1zfEuTjHO3IcOEfHIYSbQJmEk63g7F3KrKsCW9WcZW8ykKUaxoEDIK6MDj3zxlGv1vkjl5TRLZZRzlOoyfibq", Sep 10 18:53:58 bastion LinuxCommandsWazuh: message repeated 2 times: [ User aman [3581744]: 219 "authorization": "S2S SMq1zfEuTjHO3IcOEfHIYSbQJmEk63g7F3KrKsCW9WcZW8ykKUaxoEDIK6MDj3zxlGv1vkjl5TRLZZRzlOoyfibq",] Sep 10 18:54:37 bastion LinuxCommandsWazuh: User aman [3581744]: 220 psql -h 10.94.16.3 -p 5432 -U dbuser -d nitrox_v2 Sep 10 19:18:36 bastion LinuxCommandsWazuh: User rihan [3584276]: 1337 byobu Sep 10 19:18:59 bastion LinuxCommandsWazuh: User abhijeet [3584792]: 1998 redis-secondary-ssh Sep 10 19:19:01 bastion LinuxCommandsWazuh: User abhijeet [3584792]: 1999 ls Sep 10 19:19:56 bastion LinuxCommandsWazuh: User abhijeet [3585761]: 1998 redis-secondary-ssh Sep 10 19:28:26 bastion LinuxCommandsWazuh: User abhijeet [3594463]: 1998 redis-secondary-ssh Sep 10 21:03:31 bastion LinuxCommandsWazuh: User abhijeet [3689926]: 1998 dragonflydb-volatile-ssh Sep 10 21:03:35 bastion LinuxCommandsWazuh: User ayush [3690007]: 451 cool-server Sep 10 21:14:17 bastion LinuxCommandsWazuh: User ayush [3690007]: 451 cool-server Sep 10 21:15:37 bastion LinuxCommandsWazuh: User abhijeet [3701948]: 1998 sudo su ayush Sep 10 21:15:40 bastion LinuxCommandsWazuh: User abhijeet [3701948]: 1999 ssh shamail@10.2.0.1 Sep 10 21:15:45 bastion LinuxCommandsWazuh: User abhijeet [3701948]: 2000 ls Sep 10 21:15:56 bastion LinuxCommandsWazuh: User ayush [3702889]: 451 cool-server Sep 10 21:27:52 bastion LinuxCommandsWazuh: User ayush [3702889]: 451 cool-server